LinkedIn groups for SBS users and security enthusiasts
To all,
For those of you that are LinkedIn users and fans of SBS, I have created
a networking group on the LinkedIn system for you.
You can join it at http://www.linkedin.com/e/gis/64458/7D7008666D31.
ALSO:
Please feel free to join my security group on LinkedIn. It is for the
National Information Security Group.
Join at http://www.linkedin.com/e/gis/43269/7DC2303017E0
Yours,
Brad Dinerman
_______________________________________________
Bradley J. Dinerman, MVP - Enterprise Security
President, National Information Security Group
http://www.naisg.org
On security standards about home networks or digital home
Can anyone give me some advice on how to find security standards about home
networks or digital home? It can be world wide standards or just industry
specific ones. Thanks.
"include in CDP" extension error - Reproducible error:
Hi Folks,
I have been messing around with the PKIView tool to figure out what makes it
tick.
I understand that if I make changes to the AIA and CDP extensions in the
Cert Auth Properties, that I have to re-issue the CAExch cert because PKIView
uses the data in that cert to show status of these locations.
However, I have found something else that makes PKIView show errors. And I
don't understand it.
The error is reproducible.
It has to do with the "Include in the CDP extension of issued certificates"
check box for http URL entries for the CDP extension area of the Cert Auth
Properties.
In the help file it states that you "check this box if you want to use a URL
as a CRL distribution point".
That's confusing. I thought that adding the URLs in the first place showed
users where to get CRL and CA cert files. So why the need for this
additional checkbox?
Anyway, I have 2 CDP entries. The registry shows them like this:
7:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10
4:http://%1/CertEnroll/%3%8%9.crl
Here is the reproducible error.
I highlight the HTTP URL and check the box to use the URL as a CRL
distribution point, and then refresh PKIView.
I get an error: DeltaCRL Location #2 Unable to download.
This location is pointing to a
file://BIGFIRMCA1.bigfirm.com/certenroll/bigfirm-CA1-CA(6)+.crl
If I right click on the error and choose COPY URL, and paste that in a
browser, I get a file.
If I remove this check box the error goes away.
This does not happen if I check or uncheck this box corresponding to the
LDAP url.
Why on earth is the location pointing to a FILE url anyway? And what is the
connection with this setting?
The certutil -verify urlfetch command output run on the newest CAExch cert
is below too.
Many thanks!
Kristin
PS - I know the verify url.txt file shows a bunch of lines like this:
Wrong Issuer "Certificate (2)" Time: 0
I reissued the CA cert a bunch of times at one point to see what happened.
I assume this is why I am seeing those lines.....
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator.BIGFIRM>certutil -verify -urlfetch c:\test4.cer
Issuer:
CN=bigfirm-BIGFIRMCA1-CA
DC=bigfirm
DC=com
Subject:
CN=bigfirm-BIGFIRMCA1-CA-Xchg
DC=bigfirm
DC=com
Cert Serial Number: 6106c8b1000600000057
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 1 Hours, 37 Minutes, 40 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 1 Hours, 37 Minutes, 40 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=bigfirm-BIGFIRMCA1-CA, DC=bigfirm, DC=com
NotBefore: 3/4/2008 3:33 PM
NotAfter: 3/11/2008 3:43 PM
Subject: CN=bigfirm-BIGFIRMCA1-CA-Xchg, DC=bigfirm, DC=com
Serial: 6106c8b1000600000057
Template: CAExchange
Template: CA Exchange
bf fa 68 00 46 b3 e6 df 46 47 51 da 2f be 28 b4 e5 09 cc 5d
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Verified "Certificate (0)" Time: 0
[0.0]
ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority
Wrong Issuer "Certificate (1)" Time: 0
[0.1]
ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority
Wrong Issuer "Certificate (2)" Time: 0
[0.2]
ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority
Wrong Issuer "Certificate (3)" Time: 0
[0.3]
ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority
Wrong Issuer "Certificate (4)" Time: 0
[0.4]
ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority
Wrong Issuer "Certificate (5)" Time: 0
[0.5]
ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority
Wrong Issuer "Certificate (6)" Time: 0
[0.6]
ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority
Verified "Certificate (0)" Time: 0
[1.0]
http://bigfirmca1.bigfirm.com/CertEnroll/BIGFIRMCA1.bigfirm.com_bigfirm-BIGFIRMCA1-CA(6).crt
---------------- Certificate CDP ----------------
Verified "Base CRL (45)" Time: 0
[0.0]
http://bigfirmca1.bigfirm.com/CertEnroll/bigfirm-BIGFIRMCA1-CA(6).crl
Verified "Delta CRL (45)" Time: 0
[0.0.0]
http://bigfirmca1.bigfirm.com/CertEnroll/bigfirm-BIGFIRMCA1-CA(6)+.crl
Failed "CDP" Time: 0
Error retrieving URL: The request is not supported. 0x80070032 (WIN32: 50)
[0.1.0]
file://BIGFIRMCA1.bigfirm.com/CertEnroll/bigfirm-BIGFIRMCA1-CA(6)+.crl
---------------- Base CRL CDP ----------------
OK "Delta CRL (46)" Time: 0
[0.0]
http://bigfirmca1.bigfirm.com/CertEnroll/bigfirm-BIGFIRMCA1-CA(6)+.crl
Failed "CDP" Time: 0
Error retrieving URL: The request is not supported. 0x80070032 (WIN32: 50)
file://BIGFIRMCA1.bigfirm.com/CertEnroll/bigfirm-BIGFIRMCA1-CA(6)+.crl
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
--------------------------------
CRL 45:
Issuer: CN=bigfirm-BIGFIRMCA1-CA, DC=bigfirm, DC=com
49 71 74 14 32 b5 ee 36 af 2f ed 59 f9 c0 91 83 63 08 5c d2
Delta CRL 46:
Issuer: CN=bigfirm-BIGFIRMCA1-CA, DC=bigfirm, DC=com
4f 51 b4 1d b4 a4 8f 09 fc ab a1 01 eb ec 7e 91 cf 24 2b a1
Application[0] = 1.3.6.1.4.1.311.21.5 Private Key Archival
CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=bigfirm-BIGFIRMCA1-CA, DC=bigfirm, DC=com
NotBefore: 3/4/2008 1:54 PM
NotAfter: 3/5/2013 2:04 PM
Subject: CN=bigfirm-BIGFIRMCA1-CA, DC=bigfirm, DC=com
Serial: 2ef74929617bd7a744bd687ba6947828
1c 4e 88 de 4c c4 f4 82 bd 36 7c 8f 02 74 c0 1d df 7f 20 66
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
--------------------------------
Exclude leaf cert:
c1 18 ef 26 63 88 38 c6 b7 95 b7 8f 7f 85 79 e5 d8 00 2b f5
Full chain:
a9 10 81 8e 4f ee 69 7b e5 6b 90 64 14 6e 51 52 30 e2 61 ae
------------------------------------
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.4.1.311.21.5 Private Key Archival
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.
C:\Users\Administrator.BIGFIRM>
Not authorized to logon to Domain from this PC - error message
We are migrating some special, secured, PCs to a new Active Directory Domain.
A central IT technician was dispatched to lock down the PC and verify the PC's Information
Assurance level.
In the process Domain Users get (not exact quote) "Not authorized to logon to Domain from
this PC" as an error message when attempting a logon.
Only Domain Admins. can logon.
Any advice?
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
looking for individuals to run local security groups
Hello,
My name is Brad Dinerman. I am the founder and president of the
National Information Security Group (NAISG, http://www.naisg.org). We
are a US chapter-based organization of security professionals. Each
chapter typically holds monthly meetings, but we also provide a number
of online resources and an internationally recognized TechTips email
list. Membership is ALWAYS free to the general public; there are no
annual dues or fees. Our membership includes top notch security
professionals, but the only requirement to join is that you have an
*interest* in information security. You do not need to be a CISSP, MCSE
or any other acronym.
As of today, we have chapters in:
* Boston, MA
* New York City
* Seattle, WA (coming soon)
* Washington, DC (coming soon)
* Silicon Valley, CA (coming soon)
*We are looking for individuals who would be interested to form and lead
chapters in other cities, whether in the US or even other countries.*
The time commitment is not tremendous, and the position is totally
voluntary. You would run the chapter simply for the enjoyment of
promoting security.
NAISG has excellent ties with the FBI, Infragard and local
law-enforcement agencies. Members include administrators, managers,
executives, law enforcement, educators/students and more. Members of the
local press frequently attend meetings and do write-ups in their
respective publications.
If this is of interest to you, please check out our Web site at
http://www.naisg.org. There are details there about some of the
requirements and benefits of creating a chapter.
Yours,
Brad Dinerman
--
_______________________________________________
Bradley J. Dinerman, MVP - Enterprise Security
President, National Information Security Group
http://www.naisg.org
Recommended PKI book?
Can anybody recommend a good book about PKI and Windows server (2003
server to be exact)? There are a few on Amazon and the like. Which
ones are the better of the batch?
Setting up AD (W2K3) for SmartCard Authentication
Can someone direct me to some articles that explain how to configure AD for
Smart Card Authentication? I've read various articles and they were not clear
as to what is required and how to implement smartcard authentication.
If this isn't the correct group, please let me know what the correct group
would be.
Thanks.
Don Jones
Wireless authentication with AD & Cisco AIR-AP1231G-A-K9
Hi,
I've read about using IAS to authenticate wireless users against AD but
I can't find any detailed instructions on actually how to set everything up.
I read about needing a CA and using certificates however is that really
necessary? I was told that there is a way to create user accounts named
after the MAC address of the wireless card. Does anyone know how to do this?
Do I have to also distribute certificates to laptops? I could really use
some help. A big thanks to anyone that can help me with this.
Riley
Security Event Log Backup via script
Hello,
I have a problem I am beating my head against. I have a script that will
backup the security event log and then clear it. It works perfectly as an
administrator but a standard user cannot successfully run it.
Script:
---------------------------------------------------------------
'Arguments: <backup file name without extension> <event log name, e.g. Security>
fileName = WScript.Arguments.Item(0)
logType = WScript.Arguments.Item(1)
fullPathName = fileName & ".evt"
'Display args passed
WScript.Echo "Argument 0 - fileName :" & fileName
WScript.Echo "Argument 1 - logType :" & logType
WScript.Echo "fullPathName :" & fullPathName
strComputer = "."
'Connect to WMI, asking for the Backup and Security privileges to be enabled
Set objWMIService = GetObject("winmgmts:" & _
    "{impersonationLevel=impersonate,(Backup,Security)}!\\" & strComputer & _
    "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("SELECT * FROM " & _
    "Win32_NTEventLogFile WHERE LogFileName='" & logType & "'")
For Each objLogFile In colLogFiles
    errBackupLog = objLogFile.BackupEventLog(fullPathName)
    'Clear the log only after the backup has succeeded
    If errBackupLog = 0 Then
        WScript.Echo "The Security event log was backed up."
        objLogFile.ClearEventLog()
    End If
    If errBackupLog = 8 Then
        WScript.Echo "Privilege missing!"
    End If
    If errBackupLog = 21 Then
        WScript.Echo "Invalid Parameter in call"
    End If
    If errBackupLog = 183 Then
        WScript.Echo "The archive file already exists."
    End If
Next
----------------------------------------------------------------
I have tried assigning the following rights to my test user:
Manage Auditing and Security Rights
Impersonate a client after authentication
backup files and directories
From what I could find (which is somewhat sparse) it may have to do with
needing to set a CustomSD to the security event log. I have no experience
whatsoever in regards to working with the Windows security subsystems at
that level. Nor am I sure you could do that on a standalone machine that is
not under a domain.
The user can view the security event log in the event viewer but not save it;
it returns the error message "A required privilege is not held by the client".
Anyone have any ideas?
Thanks
John Bates
Raytheon
Securing data to a process identity
Hello all -
I've been looking for a way to do this, and I'm hoping someone either can
point me at the obvious API that does this that I somehow missed after
searching long and hard, or else can comment on an idea I'll outline below
that I think would get me there.
First, here's what I'm trying to do: I want something similar to DPAPI, but
with process identity granularity. I'm going to have an administrative UI
that would take a service ID and password, call LogonUser, and then call my
encryption API to encrypt data based on something unique to the security
context created by LogonUser. Later, I want a process configured to run as
that service ID / password identity - and *only* processes running with that
identity - to be able to call a decryption API on that data. (As for why I
want this, it's to provide a "vault" to applications in a shared
environment, where I don't want to require that applications "trust" each
other. Machine-level DPAPI is inadequate for this, since any application can
decrypt another app's secrets.)
So maybe I've missed an obvious way you do this in Windows, and someone can
point me at the right API ... but if not, here's my idea:
An obvious secret associated with the process' identity is the password
hash, but how to get at it - there's no API that I can find that would let
me do that. (Of course there are hacker tools that do this using kernel mode
code, but I don't want anything so messy.) Now here's the idea: I do both
client and server sides of the NTLM challenge / response using SSPI (I have
code that does this already from something else), but I don't really do the
server side that would be generating a random challenge. Instead I feed a
constant pre-baked challenge packet to the second call to
InitializeSecurityContext, so that I get the same challenge response packet
every time, but one which still depends uniquely on the caller's security
context. That challenge response could then be used in a CryptDeriveKey call
to get the actual reversible encryption key.
I'd appreciate any comments.
Thanks,
Steve Schuler
Safeco Insurance
Please reply to the group. If you also want to send private email, I can be
reached at sjschu AT safeco DOT com
February Update problems
I installed the Microsoft February updates (e.g.
KB944533/KB943055/KB946026/KB890830) and had problems with lots of blue
screens and difficulty connecting to server.
I restored to an earlier date and have not re-installed them.
If I deleted these (still in the notification area) and installed the
updates from the Microsoft site, would the glitches have been sorted out after a
few weeks, and therefore patches included to sort out problems?
Also, should one block one's own firewall (Bullguard in this case) when installing
updates and then turn it on again afterwards??
I run Windows XP Pro Media Centre model with Service Pack2 and use Internet
Explorer and Outlook Express.
Thanks in anticipation for any answers.
--
SilverSurfer
C:/3887508a051ab09532
I searched this folder on the internet but couldn't find any information
about it. It is located under C:/ and it contains "mrt.exe" and "mrtstub.exe".
Is there someone who has this same unknown folder in his computer who can
explain to me its function, if it is legitimate or not?
Searchme Robot intrusion
Anyone able to cast any light on this crawler/robot - it has been causing a
huge data throughput on our IP (not a public site) and stops if BITS2.0 is
closed down!
Private Key Export Urgent help needed !!!!
I recently purchased a code signing certificate online and I ended up with the
certificate private key imported on my Vista machine.
Now when I try to export the certificate, it doesn't allow me to export the
private key!!!!
Any help
ISA 2006 Server Array Problems
I have an ISA 2006 array in which, when one node is switched off, the other node
does not process any client requests at all. I use the ISA array for proxy.
Randomly allocated high tcp ports on both client/server?
We unfortunately have a firewall (hardware based not the host based) between
this one client (only one, the others are on our LAN) and our domain
controller.
Outgoing traffic is not blocked on either side.
We won't modify the registry to use a static port for RPC for some reason.
And we can't use the VPN.
So on the hardware firewall that's protecting the domain controller (no host
based firewall) side, we're going to allow all traffic from that one client
to the domain controller.
On the client side (on the hardware firewall, there's no host based firewall
on the client) the usual MS ports are open ex) 135, 137 U, 138 U, 139, 445.
Do we need to open the dynamic ports on the firewall that's protecting the
client side 1024:65535 or just by opening all traffic on the domain
controller side as I mentioned above will take care of the traffic?
Thanks
Certificate request file syntax for critical extensions
Hi,
I have a Standalone Root CA running on Windows 2003 SP2.
I want to enable SSL, TLS for RDP connections to domain controllers, for
that I am following the KB article :http://support.microsoft.com/?id=895433
I am able to request a "server authentication" certificate using web
enrollment, but I wanted to automate this process using certreq.exe and INF
file.
My version of INF is not working, as I am able to generate the certificate,
but it is not showing up as an available certificate for RDP SSL in TS
configuration properties.
Only difference I saw between certificate obtained from webenrollment &
certificate obtained from certreq.exe was keyusage extension being not
critical in certreq.exe certificate.
So, I am assuming that is the problem.
I am not able to set the key usage extension to critical, can anyone help me
with conversion of keyusage value to base64 version as required by INF
If it helps anyone, the Keyusage requires data in ASN.1 BIT STRING format.
http://www.ietf.org/rfc/rfc3280.txt
My INF file
[Version]
Signature= "$Windows NT$"
[NewRequest]
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
KeyUsage = 0x30
Subject = "CN=server1.domain.com"
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; for "Server Authentication"
[Extensions]
2.5.29.15 = ??????
Critical = 2.5.29.15
Appreciate any help provided :)
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Argue for your limitations, and sure enough, they're yours.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
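The post above needs the KeyUsage value as a base64-encoded ASN.1 BIT STRING for the `2.5.29.15` line of its INF. The following is an added example, not part of the original post: it DER-encodes the post's `KeyUsage = 0x30` and decodes it back as a check. The function names are hypothetical, and the mapping of the flag word to content octets (low byte first, as in the wincrypt.h CERT_*_KEY_USAGE constants) is an assumption.

```python
"""DER-encode the X.509 KeyUsage extension value for a certreq INF [Extensions] line."""
from __future__ import annotations

import base64

KEY_USAGE_OID = "2.5.29.15"

# Named bits of KeyUsage in RFC 3280 order. Bit 0 is the most significant
# bit of the first content octet of the BIT STRING.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]


def encode_key_usage(flags: int) -> bytes:
    """Return the DER BIT STRING for a CryptoAPI-style KeyUsage flag word.

    Assumption: the low byte of `flags` is the first content octet and the
    high byte is the second, so 0x8000 means decipherOnly.
    """
    if not 0 <= flags <= 0xFFFF or flags & 0x7F00:
        raise ValueError("flags contain bits that KeyUsage does not define")
    # DER drops trailing all-zero octets of a named bit list.
    content = bytes([flags & 0xFF, flags >> 8]).rstrip(b"\x00")
    if not content:
        return b"\x03\x01\x00"  # empty bit string: no usages asserted
    last = content[-1]
    # Count of unused (trailing zero) bits in the final octet.
    unused = (last & -last).bit_length() - 1
    return bytes([0x03, len(content) + 1, unused]) + content


def decode_key_usage(der: bytes) -> list[str]:
    """Parse a short-form DER BIT STRING back into KeyUsage bit names."""
    if len(der) < 3 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, content = der[2], der[3:]
    if unused > 7 or (not content and unused):
        raise ValueError("invalid unused-bit count")
    if content and content[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    nbits = len(content) * 8 - unused
    if nbits > len(KEY_USAGE_BITS):
        raise ValueError("more bits than KeyUsage defines")
    return [
        name
        for i, name in enumerate(KEY_USAGE_BITS)
        if i < nbits and content[i // 8] & (0x80 >> (i % 8))
    ]


def inf_extension_lines(flags: int, critical: bool = True) -> list[str]:
    """Build the [Extensions] lines in the layout used by the post's INF."""
    value = base64.b64encode(encode_key_usage(flags)).decode("ascii")
    lines = [f"{KEY_USAGE_OID} = {value}"]
    if critical:
        lines.append(f"Critical = {KEY_USAGE_OID}")
    return lines


if __name__ == "__main__":
    der = encode_key_usage(0x30)  # KeyUsage value from the post's INF
    print(der.hex(" "), decode_key_usage(der))
    print("\n".join(inf_extension_lines(0x30)))
```

Decoding the generated value before pasting it into the INF confirms which usages the request will actually assert.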
Folder encryption
I was attempting to encrypt a folder in My Docs to secure password files on
my PC and I am getting an error
"Recovery policy configured for this system contains invalid recovery
certificate."
How can I resolve this issue?
Certificate Authority Configuration
I plan to add Windows Mobile 5.0 smart phones running ActiveSync to our
network which is running Exchange 2003. I've done this many times on a
Small Business Server network where the Certificate Authority is installed
during the server installation so there aren't as many questions to be
answered.
For the first time, I plan to add the Certificate Authority to a Windows
2003 Standard Edition environment. I'm hoping that someone can point me in
the right direction.
The first question that I have is whether I should be installing an
Enterprise CA, or a Stand-Alone CA.
As of now, the only certificates we intend to issue are those that are
necessary to allow the Windows Mobile 5.0 smartphones to send and receive
mail from the Exchange server using ActiveSync.
Also, if there are any particularly good implementation documents that
someone could point me to I'd greatly appreciate that as well.
Thanks for your help.
--David
process username OpenProcess -> OpenProcessToken access denied
Hi, I've seen lots of posts about this on line, but it appears that no
one ever gets it to work.
I'm trying to open a process, other than mine, and get the username
the process is running as.
I've found .net code which does this via
System.Management.ManagementObject, but it's slow, apparently runs via
WMI, and I'd just rather do it natively.
Taskmanager does it fine.
I'm running as local admin and trying to view the owner of a process
that was spawned with the runas cmd.
Yet I can't. I get access denied no matter what I do. What am I
missing? Why does the wmi work? It's got to be just using winapi
down below anyway, perhaps it's because of the privileges the wmi
service is running as?
Here's my code, mostly copied, I believe via a MS page.
Can someone tell me what I need to do?
I've tried adjusting my token and the other processes.
Would it be easier to just ::CreateRemoteThread and do it the hard
way?
I can't get past the OpenProcessToken when the proc handle is the
handle to the remote process.
I've tried many combinations of access rights.
Here's the current code.
// Build as a Unicode (UNICODE/_UNICODE) console application.
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <iostream>

// Print the last Win32 error, prefixed with the name of the failing call.
void sysLog( LPCWSTR lpFrom )
{
    WCHAR s[512];
    DWORD dwErr = ::GetLastError();
    ::ZeroMemory( s, sizeof(s) );
    if( (FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM,
                         NULL,
                         dwErr,
                         0,
                         s,
                         512,
                         NULL ) ) == 0 )
    {
        ::std::wcout << lpFrom << L" FormatMessage error ::GetLastError() was "
                     << dwErr << std::endl;
    }
    else
    {
        ::std::wcout << lpFrom << L" Error: " << dwErr << L" " << s <<
            std::endl;
    }
}

BOOL SetPrivilege(
    HANDLE hToken,          // access token handle
    LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
    BOOL bEnablePrivilege   // to enable or disable privilege
    )
{
    TOKEN_PRIVILEGES tp;
    LUID luid;
    if ( !LookupPrivilegeValue(
            NULL,            // lookup privilege on local system
            lpszPrivilege,   // privilege to lookup
            &luid ) )        // receives LUID of privilege
    {
        printf("LookupPrivilegeValue error: %lu\n", GetLastError() );
        return FALSE;
    }
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    if (bEnablePrivilege)
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    else
        tp.Privileges[0].Attributes = 0;
    // Enable the privilege or disable all privileges.
    if ( !AdjustTokenPrivileges(
            hToken,
            FALSE,
            &tp,
            sizeof(TOKEN_PRIVILEGES),
            (PTOKEN_PRIVILEGES) NULL,
            (PDWORD) NULL) )
    {
        printf("AdjustTokenPrivileges error: %lu\n", GetLastError() );
        return FALSE;
    }
    // AdjustTokenPrivileges succeeds even when the privilege was not assigned.
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        printf("The token does not have the specified privilege. \n");
        return FALSE;
    }
    return TRUE;
}

BOOL GetCurrentUserAndDomain( DWORD dwPID,
                              PTSTR szUser, PDWORD pcchUser,
                              PTSTR szDomain, PDWORD pcchDomain)
{
    BOOL fSuccess = FALSE;
    HANDLE hToken = NULL;
    PTOKEN_USER ptiUser = NULL;
    DWORD cbti = 0;
    SID_NAME_USE snu;
    HANDLE hProc = NULL;
    HANDLE hProcSelf = NULL;
    HANDLE hTokenSelf = NULL;
    __try
    {
        // not needed if dwPID is the id of this process
        hProcSelf = ::OpenProcess( PROCESS_ALL_ACCESS,
                                   FALSE,
                                   ::GetCurrentProcessId() );
        ::OpenProcessToken( hProcSelf,
                            TOKEN_ADJUST_PRIVILEGES,
                            &hTokenSelf);
        SetPrivilege( hTokenSelf, SE_DEBUG_NAME, TRUE );
        // always fails
        //SetPrivilege( hTokenSelf, SE_TCB_NAME, TRUE );
        //SetPrivilege( hTokenSelf, SE_IMPERSONATE_NAME, TRUE );
        hProc = ::OpenProcess( PROCESS_QUERY_INFORMATION,
                               FALSE,
                               dwPID );
        if( NULL == hProc )
        {
            sysLog( L"OpenProcess" );
            __leave;
        }
        // fails here always
        if( 0 == ::OpenProcessToken( hProc,
                                     TOKEN_QUERY,
                                     &hToken))
        {
            sysLog( L"OpenProcessToken" );
            __leave;
        }
        // always fails
        //SetPrivilege( hToken, SE_DEBUG_NAME, TRUE );
        //SetPrivilege( hTokenSelf, SE_TCB_NAME, TRUE );
        //SetPrivilege( hToken, SE_IMPERSONATE_NAME, TRUE );
        // Obtain the size of the user information in the token.
        if (GetTokenInformation(hToken, TokenUser, NULL, 0, &cbti))
        {
            sysLog( L"GetTokenInformation" );
            // Call should have failed due to zero-length buffer.
            __leave;
        }
        else
        {
            // Call should have failed due to zero-length buffer.
            if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
            {
                sysLog( L"GetTokenInformation" );
                __leave;
            }
        }
        // Allocate buffer for user information in the token.
        ptiUser = (PTOKEN_USER) HeapAlloc(GetProcessHeap(), 0, cbti);
        if (!ptiUser)
        {
            sysLog( L"HeapAlloc" );
            __leave;
        }
        // Retrieve the user information from the token.
        if (!GetTokenInformation(hToken, TokenUser, ptiUser, cbti, &cbti))
        {
            sysLog( L"GetTokenInformation" );
            __leave;
        }
        // Retrieve user name and domain name based on user's SID.
        if (!LookupAccountSid( NULL, ptiUser->User.Sid, szUser, pcchUser,
                               szDomain, pcchDomain, &snu))
        {
            sysLog( L"LookupAccountSid" );
            __leave;
        }
        fSuccess = TRUE;
    }
    __finally
    {
        // Free resources.
        if( hTokenSelf )
            ::CloseHandle( hTokenSelf );
        if( hProcSelf )
            ::CloseHandle( hProcSelf );
        if (hToken)
            ::CloseHandle(hToken);
        if (ptiUser)
            ::HeapFree(::GetProcessHeap(), 0, ptiUser);
        if( hProc )
            ::CloseHandle( hProc );
    }
    return fSuccess;
}

// http://win32.mvps.org/
int _tmain(int argc, _TCHAR* argv[])
{
    TCHAR szUN[64];
    TCHAR szD[64];
    DWORD dwUNSize = 64;
    DWORD dwDSize = 64;
    DWORD dwPID = 0;
    BOOL bStatus = FALSE;
    if( argc == 2 )
    {
        dwPID = (DWORD)_ttoi( argv[1] );
        std::wcout << "Looking up user account for pid: " << dwPID <<
            std::endl;
        bStatus = GetCurrentUserAndDomain( dwPID, szUN, &dwUNSize, szD,
                                           &dwDSize );
    }
    else
    {
        dwPID = ::GetCurrentProcessId();
        std::wcout << "Looking up user account for current process pid: " <<
            dwPID << std::endl;
        bStatus = GetCurrentUserAndDomain( dwPID, szUN, &dwUNSize, szD,
                                           &dwDSize );
    }
    if( bStatus )
        std::wcout << L"User: " << szUN << " Domain: " << szD << std::endl;
    return bStatus ? 0 : 1;
}
Not strictly Microsoft-related, but...
How long exactly would it take a single user to hack a wireless
network secured with WEP? Is it even possible? My wireless network
appears to have been hacked - I've been using it for just over a year.
Are those encryption really reliable?
There is a recent report from AFP that says FileVault, TrueCrypt, BitLocker
and dm-crypt are not reliable anymore. They are all easy to decrypt!
Then what can the users do?
802.1x and script problem
I am using 802.1x authentication. When users try to log on to the domain on their
computer using their AD user name and password, they run a logon script
to map drives. They can map other drives by script except the
"Home Drive". There is a problem when mapping the "Home Drive".
Sometimes they can't see it on my computer, but sometimes they see it but get
"Access Denied" when they double-click it.
I am using Windows Server 2000 IAS, and Zyxel GS2024 as switch.
PKI- Renewing user certificate
Question:
I have implemented a PKI infrastructure for email encryption and email
signature.
The problem I am running into is when testing the renewal of the user
certificate, using CERTMGR on the client computer. The client renews the
certificate by right-clicking on it and selecting renew certificate with the
same key. Then the CA manager approves/issues the certificate. The CA manager
exports the certificate and gives it to the intended user to install. The
intended user installs the certificate. The newly installed certificate does not
have a private key attached to it. This setup seems to fail, specifically
for one type of certificate (Exchange User), although it appears to work for
other types of certificate (digital signature, EFS, code signing).
The only workaround seems to be to allow autoenrollment on the security
template. Is this a requirement for the user renewal to work, specifically
for the Exchange User template?
I have tested this in three separate environments. In my lab environment,
Scenario 1
1. Auto Enrollment is not enabled on the security template, for the Email
Encryption template.
2. Under Require the following for re-enrollment - the radio button is checked
for "Same Criteria as for enrollment"
OR
3. Under Require the following for re-enrollment - the radio button is checked
for "Valid existing certificate"
4. When the user renews the certificate using Certmgr, the CA Manager will
have to issue the certificate and then export it out.
5. The user imports the certificate on a client machine, and in my test
environment and the customer test environment the new certificate will not
have a private key attached to it.
Scenario 2
1. Auto Enrollment is enabled on the Security Template for the Email
Encryption template
2. On the Issuance Requirement, there is a check mark for CA certificate
manager approval
3. Under Require the following for re-enrollment - the radio button is checked
for "Same Criteria as for enrollment"
4. Customer renews the certificate with the SAME KEY using CertMGR.MSC,
5. The CA Manager issues the certificate and sends it to the client to install
it. The client installs the certificate, but no private key gets attached to
the certificate.
Scenario 3
6. Auto Enrollment is enabled on the Security Template for the Email
Encryption template
7. On the Issuance Requirement, there is a check mark for CA certificate
manager approval
8. Under Require the following for re-enrollment - the radio button is checked
for "Valid existing certificate"
9. Customer renews the certificate with the SAME KEY using CertMGR.MSC,
and the certificate automatically gets installed. This worked in the customer
environment.
10. For step #4, I had two different behaviors. The difference in the behavior
is that the CA Manager must issue the certificate and export it to the user
for installation, which I did get in my lab environment at one point during the
testing. The settings are exactly the same settings that are in step 4.
11. There is no documentation anywhere on the Microsoft website in terms of best
practice for renewing the certificate. David suggested posting the question to
Microsoft forums to see if I get any responses.

PKI Question - User Certificate Renewal
Question - what is the best practice method of renewing a user certificate? I
am referring to autoenrollment or CA manager approval required. In my lab and
customer environment we seem to be having problems when the certificate is
manually approved/issued.
Updating Spybot problem
I was trying to download Spybot 152 but it will say "Error reading
URL, operation timed out." Do you know what's going on?
The whole download is about 9M but this will happen after about 1M.

Sign and encrypt mail
Hello,
I'm having trouble with both signing and encrypting a mail between users.
I can do either function separately but can't do both on the same piece of
mail. This occurs whether I'm sending new mail or replying. I get an error
that my ID cannot be found by the underlying security system. Is this a
limitation or am I missing something?
Thanks in advance for any help!

Kaspersky Anti-Virus & Internet Security 7.0: Critical Fix 1 (version 7.0.1.325)
<QP>
Concerning:
Kaspersky Internet Security 7.0 MP1 (build 7.0.1.321)
Kaspersky Anti-Virus 7.0 MP1 (build 7.0.1.321)
On February, 19th 2008 Kaspersky Labs announces release of Critical Fix 1
for Kaspersky Anti-Virus 7.0\ Kaspersky Internet Security 7.0. The full
version number is 7.0.1.325.
IMPROVEMENTS compared to version 7.0.1.321:
=> Error that caused computer and web browsers (Microsoft Internet Explorer,
Mozilla, Firefox) to slow down when Kaspersky Anti-Virus is running has been
fixed.
=> Error that caused slowdown during loading of Microsoft Office 2007
applications when Kaspersky Anti-Virus is running has been fixed.
=> Error that caused slowdown during loading of computer's operating system
when Kaspersky Anti-Virus is installed has been fixed.
In order to install Critical Fix 1, do the following:
=> download version 7.0.1.325 from the Kaspersky Lab's official site:
http://www.kaspersky.com/productupdates
=> run the downloaded file
=> install the latest product version
=> restart your computer
</QP>
Source: http://www.kaspersky.com/support/kis7/tech?qid=208279696
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

dates in active directory
Are there dates related to user accounts, like last login or last
password change, that are not replicated to all the domain
controllers? That are only up to date on the last controller that
was used to authenticate to?
Thanks

firewalls
Which is a better firewall to use? Norton's or Windows?
I was told in school a few years ago that Windows supplied was the stronger
one.
Thanks for any advice given.
--
Lisa
All the Worlds a Stage

Can't get mail encryption to work
Hi,
I have an enterprise CA and am trying to test mail encryption between two
users. UserA can send encrypted mail to himself as well as UserB with no
issue. UserB can send encrypted mail to himself with no issue. However,
when UserB sends encrypted mail to UserA I get the "The underlying security
system can not find the ID" error. I've looked in AD and both users have the
seemingly correct certificate listed in the 'Published Certificates' tab.
What am I missing with regard to why UserB wouldn't be able to send to UserA?
Thanks,
Dan

IPC
What is the IPC mechanism that works best in Vista? We used to
use SendMessage(). But Vista doesn't like it with UAC turned on. Has
anyone experienced the same issue?

fingerprint biometrics
Guys, I have recently purchased an integration toolkit from www.m2sys.com.
They made my life way simpler than I thought. I have spent over 4
months playing with a fingerprint scanner and SDK we bought from an
online vendor. It was going nuts - no support, no idea what was going
on. Sean, thanks a lot for directing me to this site.

Can not renew root ca
Hello:
I have a Windows 2003 SP1 server running as a Stand Alone Root CA. Its
certificate is about to expire. Whether I choose "Renew Certificate with
New Key..." or "Renew Certificate with Same Key..." I always get the same
error.
"You do not have permission to request a certificate based on the selected
certificate template"
My account is a member of the Enterprise Admins. I've Googled this, but
haven't found anything. Does anyone have any idea?
Harrison Midkiff

informations for C:\WINDOWS\system32\wbem
it seems one application
import data from internet and write it
in
C:\WINDOWS\system32\wbem\Repository\FS
in the files
INDEX.MAP
MAPPING.VER
MAPPING1.MAP
OBJECTS.MAP
INDEX.BTR
MAPPING2.MAP
OBJECTS.DATA
the file
C:\WINDOWS\system32\conf\SECURITY
is written too
are written the logs file in the directory "wbem" too
one of them says
Warning! User name at exit (BLAKY\Giuseppe) != user name at entry
(WORKGROUP\BLAKY$) for select __RELPATH, __Path, Group, Description,
Version, CreationDate, FileSize, Manufacturer, Name, __RELPATH from
Win32_CodecFile 02/16/2008 18:02:45.531 thread:3252
[d:\xpsprtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.857]
Warning! User name at exit (BLAKY\Giuseppe) != user name at entry
(WORKGROUP\BLAKY$) for
CIM_DataFile.Name="C:\\WINDOWS\\system32\\MSADP32.ACM" 02/16/2008
18:02:45.562 thread:3296
--------------------------------------
What does it mean:[wiaservc] Opened log at 17/02/2008 20:18:34.625?
What does it mean:
2/17/08-20:19:58,[2524] CHPCompMgrService::ProcessIndirectRegistration - no
permissions to read indirect registration registry area!!!
in the file "hpcmerr.log"
?
Is all that OK in the security view?

Slow 802.1X Authentication
Why is my 802.1X authentication so slow??
PEAP, MS-CHAP-V2
Domain user login and password. Zyxel 802.1X Radius Client Zyxel GS-2024
IAS using Windows Server 2000 AD using Windows Server 2003 Standard
Windows XP service pack 2.
It takes more than 1 min from typing in the logon domain password to seeing
the desktop icons. And mapping folders using the logon script sometimes fails.
Any solution??

WSUS - how starting
Hi!
We used a 3rd party application for patching our servers. I have heard good
things about WSUS 3 so I downloaded it and now I need some help.
I found something about 500 updates which have to be approved.
Do I have to read each update or is there perhaps a better way to install
only the fixes for remote execution bugs?
Kind regards
Juan

Question about pkiview.msc Root Certificate Expiring
Greetings all,
Have a question about Pkiview.msc - but first the setup details.
Win2K3 standard - Stand-Alone root CA (Certificate lifetime 12 years)
Win2K3 Enterprise - Enterprise subordinate CA/Issuing CA (Certificate
lifetime 6 years)
CRL and AIA information is first published to an http site and then ldap
for clients.
When I run pkiview on the Issuing CA it shows a warning on the root CA.
After selecting the root CA in pkiview.msc it says:
CA Certificate - status - Expiring
AIA location #1 (http) - status - Expiring
AIA location #2 (ldap) - status - Expiring
If I click on any of the links and open the root CA certificates it says
that the validity is 30 years from now. Does anyone know if this is normal
behaviour for pkiview.msc and that I can ignore this, or if I should
troubleshoot it? And if so, any suggestions of what to look for?
On Google I haven't found much about it, except a post which said that the
status of expiring was OK.
Thanks in advance,
Benjamin

Conflicting IAS remote access policies problem
This concerns an IAS RADIUS server. I have a pre-existing IAS remote
access policy that authenticates all wireless users and allows them to
connect to my company's wireless network. I am a member of this
group.
I have created a second policy to allow exec privilege logins to my
Cisco routers. I set the policy to allow anyone who is a member of
the Domain Admins group this right. I am a member of this group as
well.
When the wireless policy is listed first, and I attempt to login to my
Cisco router, I get an "IAS_INVALID_AUTH_TYPE" error in my IAS log,
but I can connect to my wireless network just fine. If I reverse the
order of the policies, I can log in to the Cisco router just fine, but
then I get the "IAS_INVALID_AUTH_TYPE" error when I connect to my
wireless network.
The logs also show that when the login is failing on the first policy,
it does not fall through to the second policy.
Is there any way around this? I want to stay in both the wireless
users and the Domain Admins groups; can I configure IAS to go down my
list of policies until I either reach one that accepts my login, or
I'm rejected by all policies? Thanks.

How do you get past Vista security ? Digitally sign your malware !
http://sunbeltblog.blogspot.com/2008/02/dangerous-new-fake-american-greetings.html
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Certificate Enrollment API: Request on behalf of another user
Hi
What is the correct process to request a certificate on behalf of another
user by using the new Certificate Enrollment API (certenroll.dll) with
Windows Vista / Windows Server 2008?
I know, that
- I need a IX509CertificateRequestPkcs10 request object
- I need a IX509CertificateRequestCmc object
- I need a IX509NameValuePair object (request on behalf...)
- I need a IX509Enrollment object
But, what are the correct steps to assemble the request and install the
signed response from a CA?
Any help is welcome.
Thanks and Regards,
Dominik
-----------------------------
http://blogs.ecreation.ch

share permission errors
I cannot run exe files directly from the server. When running them from the
share (\\server\share\file.exe), I get a permissions error that reads
"Windows cannot access the specified device, path, or file. You may not have
the appropriate permissions to access the item." It does run however when I
execute it from explorer using the drive (D:\folder\file.exe), or using the
unc path from another computer. I am logging in as the domain admin. All
users have full share permissions. What could be causing this?
Thanks for any help,
Brian

Don't mention this to Bill G or Steve B..
http://it.slashdot.org/article.pl?sid=08/02/10/2011257
..or they might fall off their respective stools laughing. :-))))

Does anyone know if CAPICOM can help me to create a Certificate
Signing Request (or a PKCS#10)?