Re: Certificate template modifying

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 09/23/04


Date: Thu, 23 Sep 2004 23:10:24 +0200

To answer the second part of your question. Yes, it is possible to allow
certain users to access only certain templates. Again you will need Windows
2003 Enterprise setup of Windows CA. Then you can use permissions to allow
users to access only certain templates or use auto-enrollment based on users'
permissions.

Check links in my previous post. Specifically "Implementing and Administering
Certificate Templates in Windows Server 2003".

Mike

"Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:%23MtpUEboEHA.800@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> Version 2 certificate templates (edited templates) can only be used to
> issue certificates on CA
> server that was installed on Windows 2003 Enterprise Edition (not on
> Windows 2003 Standard Edition).
> CA server also has to be setup as Windows 2003 Enterprise CA service
> (integrated in AD) not as Windows 2003 standalone CA server.
>
> Implementing and Administering Certificate Templates in Windows Server 2003
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
>
> Best Practices for Implementing a Microsoft Windows Server 2003 Public Key
> Infrastructure
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
>
> PKI Enhancements in Windows XP Professional and Windows Server 2003
> http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
>
> Windows Server 2003 PKI Operations Guide
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
>
> Managing a Windows Server 2003 Public Key Infrastructure
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
>
> Advanced Certificate Enrollment and Management
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
>
> Mike
>
> "schapman" <sean.chapman@gmail.com> wrote in message
> news:b9ddedc8.0409231251.6d586645@posting.google.com...
> > I set up a windows 2003 server and am trying to use it as a
> > Certificate Authority. I gave it a name, put it on the domain, and can
> > issue certificates with no problem. However, I'm trying to modify a
> > certificate template so that I can disable the option to mark keys as
> > exportable. When I try and load up certtmpl.msc, I get the following
> > error:
> >
> > Windows could not create the object identifier list. This computer is
> > not joined to a domain. Certificate templates are not available.
> >
> > I don't really understand what's going on here as the computer is on
> > the domain. I tried uninstalling the certificate authority, taking the
> > machine off the network, re-adding it, and re-installing the
> > certificate authority but I get the same issue. Any ideas would be
> > appreciated.
> >
> > Also, is there a way to have it so that certain people requesting
> > certificates can only request a specific template while having other
> > users be able to pick any they want?
>
>
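
The template permissions discussed in this thread can be reviewed from the directory. The following is an added example, not part of the original posts: it lists which principals hold the Enroll or Autoenroll right on each certificate template of an Enterprise CA. It assumes a domain-joined machine with the RSAT ActiveDirectory PowerShell module and read access to the Configuration partition.

```powershell
# Added example: list who holds Enroll / Autoenroll on each certificate template.
# Assumes the RSAT ActiveDirectory module and read access to the Configuration partition.
Import-Module ActiveDirectory

# Extended-right GUIDs used for certificate enrollment; the all-zero GUID on an
# extended-right ACE means every extended right (this also matches Full Control).
$enrollRights = @{
    '0e10c968-78fb-11d2-90d4-00c04f79dc55' = 'Enroll'
    'a05b8cc2-17bc-4802-a710-e7c15ab866a2' = 'Autoenroll'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}
$extendedRight = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Templates are stored forest-wide under the Configuration naming context.
$configNC = (Get-ADRootDSE).configurationNamingContext
$query = @{
    SearchBase  = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
    SearchScope = 'OneLevel'
    LDAPFilter  = '(objectClass=pKICertificateTemplate)'
    Properties  = 'displayName', 'nTSecurityDescriptor', 'msPKI-Template-Schema-Version'
}

$report = foreach ($template in Get-ADObject @query) {
    # Explicit and inherited ACEs, with SIDs resolved to account names where possible.
    $rules = $template.nTSecurityDescriptor.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount])
    foreach ($ace in $rules) {
        # Skip ACEs that do not carry the extended-right bit at all.
        if (([int]$ace.ActiveDirectoryRights -band $extendedRight) -eq 0) { continue }
        $right = $enrollRights[$ace.ObjectType.ToString()]
        if (-not $right) { continue }
        [pscustomobject]@{
            Template      = $template.displayName
            SchemaVersion = $template.'msPKI-Template-Schema-Version'  # empty on version 1 templates
            Principal     = $ace.IdentityReference.Value
            Type          = $ace.AccessControlType                     # Allow or Deny
            Right         = $right
            Inherited     = $ace.IsInherited
        }
    }
}

$report | Sort-Object Template, Principal, Right | Format-Table -AutoSize
```

Broad groups such as Authenticated Users or Domain Users showing Enroll on a template that should be restricted are the rows to review.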


