How to use Certificate Services Web enrollment pages together with Windows Vista or Windows Server 2008

Wheww!! We finally have the matrix for what works, what doesn't, and how to fix it 🙂 http://support.microsoft.com/kb/922706/en-us SUMMARY: The Windows Server 2003 Certificate Services Web enrollment functionality relies on an ActiveX control that is named Xenroll. This ActiveX control is available in Microsoft Windows 2000 and in later versions of Windows….

EFS failures after upgrade to 2008

FYI... (haven't had time to finish the kerb posts, but here is an important FYI) http://www.microsoft.com/downloads/details.aspx?FamilyID=fd786261-d278-40db-baf8-70f42d786223&displaylang=en Overview: When a user encrypts a file stored on a Windows file server, the actual encryption of the file occurs on the server. To accomplish this, a special profile is created on the server in order…


Putting CAPI2 logging to good use…

So there was a problem with a printer which you could connect to via SSL in order to print via IPP. You go in and configure the printer via a web page like so: "Create New Self-Signed Certificate: Create a new self-signed certificate. Warning: This operation will overwrite the currently installed certificate…

Notify users of cert expiration…

A recent mail thread was asking about querying for certs about to expire and notifying the users of this. You could do it a few ways: Run some kind of svc\logon script etc. on the clients, which tracked the stores and cert data. Query the CA DB directly for certs about to expire….

Credential Roaming hotfix…

Just a slight detour from our debugging stuff for some new info on credential roaming\DIMS… http://support.microsoft.com/?id=934797 "The size of the Ntds.dit file on the domain controller grows continually larger after you enable the 'Credential Roaming' feature for Windows Vista-based client computers in the domain". Well now, that can't be good, can it….

EFS and Vista… and XP

I just wanted to make sure folks realized that Vista and XP EFS files aren't exactly compatible… Here was a snip from a recent question: "I'm asking this question on behalf of another colleague. He's having problems accessing encrypted files on a removable HDD in XP. He encrypted the folder and files in…

New Security code samples…

Dan, over at JWSecure, has written a bunch of new samples for some difficult-to-use APIs (previously he also wrote some cred prov samples). The new batch includes a CNG plugin to implement a new cipher algorithm in Vista – cool stuff. I especially liked his section on 'kicking the tires' and…


Smartcard logon over Terminal Services (RDP redirection) pII (Vista FYI)

It seems I do spend a fair bit of time with smartcards lately, but I have some other interesting posts planned as well. Anyway, this is kind of a heads up to an interesting issue with Vista. We changed some of the way things work (for the better) in Vista. You may…

LH Beta 3 OCSP doc..

This white paper describes the concepts behind and steps needed to install, configure, and troubleshoot the Microsoft Online Responder, a role service that is used to implement online certificate status protocol (OCSP) revocation checking in Active Directory Certificate Services environments.   http://download.microsoft.com/download/5/3/c/53cdc0bf-6609-4841-a7b9-cae98cc2e4a3/Installing, Configuring, and Troubleshooting the Microsoft Online Responder.doc   spatdsg