GPO for trusted root CA certs

From: Michael Ströder <michael@xxxxxxxxxxxx>
Date: Tue, 07 Nov 2006 14:12:39 +0100

HI!

I'd like to know how GPOs are protected against being forged. In my case
I'd have the task to design a GPO for trusted root CA certs which
obviously should be secured somehow.

I also read about certificate trust lists signed by the enterprise
admin. But there's off course some hen-and-egg-problem since at the end
the signature has to be validated against the root CA cert.

Thanks in advance.

Ciao, Michael.
.

Follow-Ups:
- RE: GPO for trusted root CA certs
  - From: Brian Delaney [MSFT]

Prev by Date: Re: domain admin account impersontating
Next by Date: Re: domain admin account impersontating
Previous by thread: Re: Basic Sec Template Design
Next by thread: RE: GPO for trusted root CA certs
Index(es):
- Date
- Thread

Relevant Pages

Re: 2003 PKI Design Question
... As long as your certs chain to a trusted root, ... Any third party trusted root will require very rigorous vetting processes ... > I plan to distribute the following types of certificates: ...
(microsoft.public.windows.server.security)
Re: SBS 2003 Premium and Cert Services
... so there is no real issue loading cert svs on the sbs ... mapping users to certs for other applicaitons, secure email using certs, ... > you purchase a root CA cert from a trusted Root CA? ... > better off to purchase a certificate solution from a provider. ...
(microsoft.public.windows.server.sbs)
Re: certificate services/get a root cert for my private CA
... when I try to view one of the certs from that web server (eg ... a valid certification path that ends in a trusted root CA (verified that ...
(microsoft.public.windows.server.general)