Re: EFS and Certificate Services

From: Rschraeger (Rschraeger_at_discussions.microsoft.com)
Date: 08/25/05


Date: Thu, 25 Aug 2005 06:46:06 -0700

Paul,

I appreciate your concern for my training, but I believe that I have all the
training I need. I was only looking for clarification on a few items, and for
some reason the Enterprise root CA slipped my mind a little.

I think it is because I'm battling this problem with multiple certificates
being issued. At this time I can reproduce the problem on an enterprise CA
(yes, it's online) issuing certs to clients. Yes, I also know that Enterprise
CAs should not be issuing certs to clients. Again, this is only testing.
Anyway, the clients receive multiple EFS certs from the CA. Looking at the
certificate requests, the client is requesting an EFS cert, which the CA
gives to the client, then the client requests another.

-- 
RS
MCSE, MCP +I MCP
"Paul Adare" wrote:
> In article <4784A3B5-D2C8-4FCF-B5F0-46BBAE6DE5C8@microsoft.com>, in the 
> microsoft.public.win2000.security news group, Rschraeger
> <Rschraeger@discussions.microsoft.com> says...
> 
> > I thought the root CA was supposed to be taken offline for security reasons.  
> > Is it then better to deploy a standalone root CA with an enterprise sub CA?  
> > Is that even possible?
> > 
> 
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
> 
> or
> 
> http://tinyurl.com/28cjx
> 
> I'd strongly suggest that you look into taking some training. A PKI that 
> is improperly deployed and secured is worse than not having one at all.
> 
> http://www.microsoft.com/learning/syllabi/en-us/2821Afinal.mspx
> 
> -- 
> Paul Adare
> MVP - Windows - Virtual Machine
> http://www.identit.ca/blogs/paul/
> "The English language, complete with irony, satire, and sarcasm, has
> survived for centuries without smileys. Only the new crop of modern 
> computer geeks finds it impossible to detect a joke that is not clearly 
> labeled as such."
> Ray Shea
> 

