Re: Certificate template modifying

From: schapman (schapman_at_inlandkwpp.com)
Date: 09/24/04

Next message: Ben Woskje: "Re: Move certificate authority"
Previous message: Steven L Umbach: "Re: Policy"
In reply to: Miha Pihler: "Re: Certificate template modifying"
Next in thread: Shawn Corey [MSFT]: "Re: Certificate template modifying"
Reply: Shawn Corey [MSFT]: "Re: Certificate template modifying"
Reply: Miha Pihler: "Re: Certificate template modifying"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 23 Sep 2004 22:49:13 GMT

Well. that explains it :) Time to see if we have any licenses of
enterprise I guess.

On Thu, 23 Sep 2004 23:10:24 +0200, "Miha Pihler"
<mihap-news@atlantis.si> wrote:

>To answer second part of your question. Yes, it is possible to allow
>certaing users to access only certain templates. Again you will need Windows
>2003 Enterprise setup of Windows CA. Then you can use permissions to allow
>users to access only certain templates or use auto-enrollment based on users
>permissions.
>
>Check links in my previous post. Specically "Implementing and Administering
>Certificate Templates in Windows Server 2003"
>
>Mike
>
>"Miha Pihler" <mihap-news@atlantis.si> wrote in message
>news:%23MtpUEboEHA.800@TK2MSFTNGP14.phx.gbl...
>> Hi,
>>
>> Version 2 certificate templates (edited templates) can only be used to
>issue
>> certificates on CA
>> server that was installed on Windows 2003 Enterprise Edition (not on
>Windows
>> 2003 Standard Edition).
>> CA server also has to be setup as Windows 2003 Enterprise CA service
>> (integrated in AD) not as Windows 2003 standalone CA server.
>>
>> Implementing and Administering Certificate Templates in Windows Server
>2003
>>
>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
>>
>> Best Practices for Implementing a Microsoft Windows Server2003 Public Key
>> Infrastructure
>>
>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
>>
>> PKI Enhancements in Windows XP Professional and Windows Server 2003
>> http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
>>
>> Windows Server 2003 PKI Operations Guide
>>
>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
>>
>> Managing a Windows Server 2003 Public Key Infrastructure
>>
>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
>>
>> Advanced Certificate Enrollment and Management
>>
>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
>>
>> Mike
>>
>> "schapman" <sean.chapman@gmail.com> wrote in message
>> news:b9ddedc8.0409231251.6d586645@posting.google.com...
>> > I set up a windows 2003 server and am trying to use it as a
>> > Certificate Authority. I gave it a name, put it on the domain, and can
>> > issue certificates with no problem. However, I'm trying to modify a
>> > certificate template so that I can disable the option to mark keys as
>> > exportable. When I try and load up certtmpl.msc, I get the following
>> > error:
>> >
>> > Windows could not create the object identifier list. This computer is
>> > not joined to a domain. Certificate templates are not available.
>> >
>> > I don't really understand whats going on here as the computer is on
>> > the domain. I tried uninstalling the certificate authority, taking the
>> > machine off the network, re-adding it, and re-installing the
>> > certificate authority but I get the same issue. Any ideas would be
>> > appreciated.
>> >
>> > Also, is there a way to have it so that certain people requesting
>> > certificates can only request a specific template while having other
>> > users be able to pick any they want?
>>
>>
>

Next message: Ben Woskje: "Re: Move certificate authority"
Previous message: Steven L Umbach: "Re: Policy"
In reply to: Miha Pihler: "Re: Certificate template modifying"
Next in thread: Shawn Corey [MSFT]: "Re: Certificate template modifying"
Reply: Shawn Corey [MSFT]: "Re: Certificate template modifying"
Reply: Miha Pihler: "Re: Certificate template modifying"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Difference between 2003 edition for PKI functionnality
... The Enterprise edition of Windows Server 2003 allows for the use of version ... certificate templates for Enterprise CAs. ... Enterprise edition also allows for auto-enrollment to Windows XP and greater ...
(microsoft.public.windows.server.security)
Re: HELP RE-CREATING DEFAULT CERTIFICATE TEMPLATES!
... When you installed a new enterprise CA did it not re-create the default ... I know a Windows server 2003 CA will definately do this. ... > CA (including Certificate Templates) and reinstalled a new Enterprise root ...
(microsoft.public.win2000.security)
Re: Certificate Services Issues
... I was just told that the reason this is failing is that the private key is ... How do I set the web enrollment feature to allow ... >> find it in any of the templates. ... > Windows Server 2003 Enterprise Edition computer, ...
(microsoft.public.windows.server.security)
Re: Certificate Services Issues
... What we are doing is using S/MIME to encrypt the payload with the public ... can't use the templates to get what I need. ... > Windows Server 2003 Enterprise Edition computer, ... >> certfiicate we generated is the culprit. ...
(microsoft.public.windows.server.security)
Re: Certificate Templates - Duplicating template - Issue does not work
... Rather than upgrade the OS for this service, can I create and import a V1 ... > templates you will have to run your CA server on Enterprise Edition. ... > Implementing and Administering Certificate Templates in Windows Server ...
(microsoft.public.win2000.security)