Re: Windows Advanced Server 2000 PKI

From: Arlis Brown (ambrown@eyenm.com)
Date: 04/03/03


From: "Arlis Brown" <ambrown@eyenm.com>
Date: Wed, 2 Apr 2003 14:23:19 -0800


Darren,

I was wondering... Does an Enterprise Root CA have to be
installed on a domain controller? Also, the server I'm
planning on installing Certificate Services on has the high
encryption disk installed and I noticed it provided a
couple of other CSP options:

Microsoft Enhanced Cryptographic Provider V1.0
Microsoft Strong Cryptographic Provider

What are the pros and cons regarding selecting one of the
options identified above over the standard "Microsoft Base
Cryptographic Provider V1.0"? Thank you in advance for
any assistance you can offer.

Arlis Brown, Network Manager
Eye Associates of NM, Ltd.

>-----Original Message-----
>Without getting into the specifics of your network topology, use the
>following as a rough guideline for installing a Windows 2000 Enterprise or
>Stand Alone Certificate Authority (CA) in the Active Directory (AD):
>
>1) Install first Domain Controller (DC)
> - If installing DNS during DC promotion, be sure that the server has a
>statically assigned IP address before invoking dcpromo.exe.
> - install or reconfigure your DHCP server accordingly
>
>2) Join Windows 2000 member server to new domain and install Enterprise or
>Stand Alone CA
>
>Windows 2000 CA in the AD has two different distinct modes of operation:
>(you can obtain more detailed information about these differences in the
>online OS help):
> A) Stand Alone Root or Subordinate - supports html form based web
>enrollment via Internet Information Services (IIS).
>
> B) Enterprise Root or Subordinate -- supports certificate template based
>enrollment via: web enrollment, machine auto enrollment, Microsoft
>Management Console (mmc.exe) user and machine enrollment. Also
>supports Smart card user authentication / logon.
>
>BTW: Use Active Directory Sites and Services mmc console for administration
>of the Windows 2000 Certificate Templates -- (Click: View --> Show Services
>Node)
>
>
>--
>Regards,
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>"life" <vvv_edc@yahoo.com> wrote in message
>news:004b01c2e84f$d72dd240$a001280a@phx.gbl...
>> I'm trying to setup PKI/Certificate Services on Windows
>> Advanced Server 2000. Once set-up, I'd like to know how I
>> can test it to be running.
>>
>> The scenario:
>> We would like to setup PKI having server2 as the
>> certificate authority. This server runs Windows 2000
>> Advanced Server.
>>
>> I have another Windows Advanced Server 2000 (let's call
>> it server1) where I have installed Domino 6...both
>> servers are on the same network in a peer-to-peer set-up
>> (using a work group).
>>
>> Another client PC is running XP. All PCs are located on
>> the same internal network sharing a common internet
>> connection shared through a router.
>>
>> The router issues dynamic IPs (DHCP).
>>
>> Since I wanted to setup Certificate Services, I was asked
>> to setup Active Directory Services first which in turn
>> wanted me to set-up DNS first. I tried installing DNS
>> through the wizard. While our company has a publicly
>> known domain which is hosted by a third party, outside of
>> the site where I'm configuring the new Primary Domain
>> Controller, I chose a different domain name for the
>> internal network, say internaldomainname. Unfortunately,
>> the DNS installation has taken so long and we had to
>> cancel. Active Directory seems to have been installed,
>> though. But the installation's task bar never got to
>> finish causing the server to hang. I've been reviewing
>> the event viewer and the latest problem.
>>
>> I'm trying to bring back server2 to the original state
>> but am encountering DCOM problems which was supposed to
>> have been disabled (ran dcomconfg; checkbox for default
>> settings has been unchecked).
>>
>> Note that RAM of the server is 512KB and running Windows
>> 2000 Advanced Server.
>>
>> Can you please advise how to go about starting in a more
>> stable slate and configuring PKI? How can I test if the
>> Certificate Services have been setup properly?
>>
>> I'd appreciate any help you can extend.
>>
>> Thanks,
>>
>> life
>
>
>.
>


