Re: Windows 2003 CA in W2K Domain

From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: 01/23/05 

Date: Sun, 23 Jan 2005 13:31:32 -0600

In article <2E1E6FF3-A419-4E14-AFCD-134FEA586EE6@microsoft.com>,
John@discussions.microsoft.com says...
> Hi, I am planning a deployment of certificate services for a client
> deployment. The client has a Windows 2000 domain but will migrate to 2003 at
> some future (unplanned as yet) time. I am wondering at the benefits /
> possibilities of deploying Windows 2003 certificate services in this
> environment. Is this possible and to what degree the new features can be
> utilised? I believe some features will require the forest schema to be
> updated to 2003 but would appreciate any thoughts anyone has on the pros and
> cons of using a 2003 CA in this environment (there will actually be 2 CAs - a
> standalone root and a subordinate issuing Enterprise CA). Any thought /
> experiences of pitfalls very welcome.
> Thanks.
>
The key is applying the Windows Server 2003 Schema. Once the schema is
updated, you have access to all benefits of the Windows Server 2003 PKI
(subject to the client OS versions).

You can choose either windows 2000 or windows 2003, standard edition for
the oofline CAs. Be sure to select Windows server 2003, enterprise
edition for the issuing CAs.

I have deployed *several* PKIs in the last two years based on this
configuration with no issues.

Brian

Relevant Pages

  • Re: REPOST-MSOffice manipulation w/ WebPage or SmartClient?
    ... In a closed environment where everyone is using Windows and has the ... then a smart client is almost always a better solution ... then use a smart client using no-touch deployment. ... NTD will allow you to distribute a Windows Forms ...
    (microsoft.public.dotnet.general)
  • Re: REPOST-MSOffice manipulation w/ WebPage or SmartClient?
    ... In a closed environment where everyone is using Windows and has the ... then a smart client is almost always a better solution ... then use a smart client using no-touch deployment. ... NTD will allow you to distribute a Windows Forms ...
    (microsoft.public.dotnet.general)
  • Re: Vista - User Directory
    ... Mind you deployment is a hat I ... putting their own files in the Windows or Windows/System32 directories. ... Blather like "some long winded path" is completely meaningless, ... Painfully because of vista. ...
    (microsoft.public.vc.mfc)
  • Re: VB Express vs. ????
    ... AND your target audience is Windows OS based, then "click once" is they way ... the client PC. ... Since these are Windows forms apps you can ... deployment of applications and the web side will return to a more simple (as ...
    (microsoft.public.dotnet.general)
  • Re: MDT 2010 - Some question yet to be answered - ZTI ERROR
    ... We are using Windows XP in our client environment. ... I updated the deploymentshare and created a boot image by using WDS as always, but when I PXE booted the refrence machine the system booted and started up the Lite touch process, this is what i got ZTI ERROR - Unhandled error returned by LTISysprep: The system cannot find the path specified with some error codes. ... if yes then how to take out these from the reference machine, becuase the instance stays there even if you are doing a separate fresh deployment and stops the deployment by throwing errors. ...
    (microsoft.public.windowsxp.help_and_support)