Re: Problem with WIndows 2003 Certificate Services: Computers install certificates from root domain instead of child domain

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 11/07/03

  • Next message: Jeff Cochran: "Re: Windows 2003 Server vulnerable to DOS attack" 
    Date: Fri, 7 Nov 2003 05:25:07 -0800

    yes,

    1. make sure you set the ACL on the template specific to the domain
    computers you wish to use that template. then set that template to only be
    used by a specific CA. note you may have to create multiple templates from
    the "computer" template to achieve the result you want

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/deploy/confeat/ws03crtm.asp 

    -- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Trond Hindenes" <trond@hindenes.com> wrote in message
news:c175a21a.0311070229.5bdfa9a@posting.google.com...
> hello,
> We have an Active Directory-based domain structure, domain.com. root
> domain has no users, only a few servers. Enterprise root CA is
> installed here. I have a child domain for my country (no.domain.com),
> which has a Subordinate Enterprise CA installed. THrough GPOs I have
> enabled auto-enrollment of Certificates for the Computer accounts in
> my domain. However, some of my computers enroll against the root
> domain CA instead of my CA. I have looked at the Security tab but that
> does only seem to control user enrollments, not computer enrollments.
>
> Doeas anybody know how to "lock" my computers only to use my local CA
> for enrolling?
>
> best regards,
> Trond Hindenes
> Consultant
> Norway
  • Next message: Jeff Cochran: "Re: Windows 2003 Server vulnerable to DOS attack"

    Relevant Pages

    • Re: Sharing templates which contain VB code
      ... What happens when the attempt fails? ... error message, what is the exact text of the message? ... >the template to be shared on other computers. ...
      (microsoft.public.word.customization.menustoolbars)
    • Re: Styles Growing
      ... As soon as I apply any formatting to a piece of text, ... "Elbert" wrote: ... I disconnected the computers, started both from ... the normal template, my custom template, and my ...
      (microsoft.public.word.pagelayout)
    • Sharing templates which contain VB code
      ... the template to be shared on other computers. ... I need to have a template with an incremental number each time a 'new' ... computer has been setup using the suggested AutoNew() and works ... shared area on the server/main computer. ...
      (microsoft.public.word.customization.menustoolbars)
    • Re: Styles Growing
      ... I'm using two computers and synchronizing software that keeps documents and ... I disconnected the computers, started both from ... the normal template, my custom template, and my ... In the styles and formatting task pane, ...
      (microsoft.public.word.pagelayout)
    • Re: Alerting - Malicious software removal tool
      ... >needed to install an application that she could not install from ... >"Administrator" account. ... You failed to analyze the root cause and correct it ... use their computers to have fun. ...
      (microsoft.public.security.virus)
    Loading