Re: Prevent logon without certificate

From: Art Vandelay (idozaf_at_gmail.com)
Date: 01/26/05 

Date: Wed, 26 Jan 2005 20:36:37 -0000

> My main question is, why would certificate be a requirement (I can see
> some
> advantages, but I would like to see if Art has a good reason for this or
> is there a better solution -- e.g. Smart Card for users)? Who can add
> computers to domain? By default "Authenticated Users can add 10 computers
> to domain, but if you change the policy only domain administrators (or
> another group of users) will be able to add computers to domain...

Hi, thanks for your reply. Maybe knowing what we want to achieve is the way
forward as it looks like certificates are not what I thought :-)

We can get access to our server at the office from remote sites if we enable
"remote desktop" and forward port 3389 through our firewall. We haven't
actually done that yet, as we are, of course, worried about the security
implications. We thought that if we enabled certificate services on our
network and allowed only computers that had a certificate to log on, then
that extra level of security would be enough. Our staff could then connect
to the server remotely only using their laptops which would be certificated.

Am I way off line thinking like this?

Thanks guys.

Relevant Pages

  • [NT] Flaw in Outlook 2002s Way of Handling V1 Exchange Server Security Certificates Leads To Informa
    ... Beyond Security would like to welcome Tiscali World Online ... Encryption is used to prevent parties other ... Outlook uses public key certificates to facilitate the exchange of the ... there are other certificate options including V1 Exchange Server Security ...
    (Securiteam)
  • Re: Embedding Simple MFC GUI app into website
    ... particular technology is "evil" goes beyond common sense and increases ... his denouncement of ActiveX and Java (and Flash, ... ActiveX, in particular, is an antipattern for security. ... Since you must obtain a certificate for code signing from the trusted ...
    (microsoft.public.vc.mfc)
  • Re: Auto Enrollment not working for one DC
    ... Windows Server 2003 SP1 introduces enhanced default security settings for the DCOM protocol. ... Windows Server 2003 Certificate Services provides enrollment and administration services by using the DCOM protocol. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Auto Enrollment not working for one DC
    ... I was already aware of the post SP1 problem with the CERTSVC_DCOM_ACCESS ... Certificate Services: Effects of security enhancements to the DCOM protocol ...
    (microsoft.public.windows.server.active_directory)
  • Re: self-signing certificate
    ... saw that my self-signed certificate was under the ... Now warnings at all when opening with medium security set. ... And, if correct, why the warning? ...
    (microsoft.public.access.security)