Re: DCOM error with NTBACKUP and Certificate Services

From: Paul (paul_at_nospam.com)
Date: 12/31/03

Next message: Bob: "Switch off or not ?"
Previous message: Karl Levinson [x y] mvp: "Re: disaster recovery/decryption? Possible?"
In reply to: Brian Komar : "Re: DCOM error with NTBACKUP and Certificate Services"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Dec 2003 22:46:57 -0800

"Brian Komar" <bkomar@komarconsulting.com.nospam> wrote in message
news:MPG.1a5b7539227c042d989694@msnews.microsoft.com...
> In article <002601c3cef1$6794efc0$a301280a@phx.gbl>,
> anonymous@discussions.microsoft.com says...
> > Hi Brian
> >
> > thanks for the comments and links - I'll alter my
> > configuration to allow for an online enterprise root CA -
> > however I've spent most of the day looking for details on
> > how to configure root so it only issues to subordinate -
> > as far as I can see I need to change the security settings
> > on the either the Certification Authority (just give
> > Authenticated Users Read access) or on individual
> > certificate templates (in Sites and Services), but I've
> > not found any clear documentation on how best to do this.
> >
> > again, thanks
> >
> > regards
> > paul
> <snip>
>
> If you only want the online enterprise root CA to issue certificates to
> subordinate CAs, then you must only publish the Subordinate
> Certification Authority certificate template at the online root CA.
>
> To do this, open the Certification Authority console, and click the
> Certificate templates (or Policy Settings container in 2k), and then
> remove all certificate templates except the Subordinate Certification
> Authority certificate template.
>
> In addition, you can set the permissions on the certificate template to
> limit who can enroll the template. Use Certtmpl.msc if using Windows
> 2003 or AD Sites and Services if using 2k.
>
> Brian

cheers much for clarifying this

have a good new year

regards
paul

Next message: Bob: "Switch off or not ?"
Previous message: Karl Levinson [x y] mvp: "Re: disaster recovery/decryption? Possible?"
In reply to: Brian Komar : "Re: DCOM error with NTBACKUP and Certificate Services"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: CA certificate template custom subject name format
... is it possible to use a different "subject name format" ... the options available on a V2 certificate template (Common name, ... Not through the standard certificate template interface. ... Brian ...
(microsoft.public.windows.server.security)
Re: Why enterprise root CA automatically isue certificates.
... >> Thaks Brian, but that procedure only works in a standalone CA. ... >> Enterprise CA the optios is disabled, is ther a way to enable it? ... > the enrollment decision based on the DACL on the certificate template. ... > With Windows 2000, the option is not available, as you have seen. ...
(microsoft.public.win2000.security)