CA root certificate

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - PKI - Manual Enroll - Auto Renewal - Possible? How do you configure a certificate template for Manual enrolment and Auto renewal? For example: I have a web server called â??WINSERVER1â??. It hosts a website called â??coolwebsite.localâ?? I request an SSL from the internal CA called coolwebsite.local. I want that certificate to automatically renew when it expires. Obviously this has to be a manual enrolment as the server would not know how to request some random website name in a certificate. This is what I have configured: I have an AD Integrated Enterprise issuing CA. A version 2 certificate template has been created for computer authentication. Template settings are as follows: Subject Name Tab -Supply in the request (followed by a description. The sentence of interest is â??Autoenrollment is not allowed if you choose this option) Issuance Requirements Tab -Require the following for enrolment: CA certificate manager approval -Require the following for reenrolment: Valid existing certificate Security Tab -AD group allowing Read Enroll and Autoenroll A server is added to the AD group that was configured on the Template permissions tab. A GPO has been created allowing the server to autoenroll and renew. A certificate was requested via the web interface http://caname/certsrv using this template and approved via the Certificate Authorities mmc. The server then had a certificate with a validity of 1 year. My expectation was that it would auto renew the certificate when it was due to expire â?? using the GPO, Template security, and â??Valid existing certificateâ?? issuance requirement. This has not happened. Have I configured something incorrectly? Or Is it not possible to have manually enrolled and automatically renewed? Tag: CA root certificate Tag: 97790
  - 2
    - Internet Access fails after VPN established Hi, I have a VPN connection set up using Internet Explorer-Tools-Internet Options-Connections. When at home, I first connect to the internet thro an ADSL Router. Am able to access internet. Now I connect to the VPN. I can access remote LAN without any probs. Can RDC/VNC/Explore any of the IP addresses in Remote LAN. However, I cannot access the Internet as long as the VPN is on. How can I access both the internet and the Remote LAN simultaneously? TIA Kar Tag: CA root certificate Tag: 97776
  - 3
    - how do I logon to local admin on server 2003 doman Hi all, Had a 2003 server crash. Got it backup but discovered I did not have local password to use to do a chkdsk. My question is now that the server is backup how do I logon as local administrator to test my password. When I log off as domain administrator the drop down box to logon does not have an option to logon as local admin. It only shows my domain. Do I need to restart the server and hit a function key or something? I just wanted to test the local admin password so that next time I need it I will know what it is. Thanks in advance for any help on this. Sher Tag: CA root certificate Tag: 97759
  - 4
    - Hotmail Is it just me, or has there been a significant increase in the number of fraudulent phishing type scams on the Hotmail service bulk email folder? dUh...when are they going to do something about it?! I usually would submit these to abuse@hotmail.com or whichever mail service I am using at the time. At Hotmail the complaint gets the auto-response of no action taken. It is almost as if by elimination they are looking for who we don't have an account with... Tag: CA root certificate Tag: 97752
  - 5
    - Windows Defender- no v2.0? Wont there be a windows defender v2.0? Tag: CA root certificate Tag: 97748
  - 6
    - rogue local policy I was advised to post here. I have a client who has SBS 2003 r2. On the VP's workstation, he downloaded a cutesy screen saver. Then he removed it. Damage done! He now cant remote into his workstation. Error message is that the local policy wont permit it! I have logged on locally as admin and cant turn off windows firewall (greyed out), which somehow got turned on. Ran all the virus and spyware scans. Nothing. The remote exception is enabled. I think I might have to wipeout his workstation and re-install. Not what I want to do. Any suggestions? Thank You, Corky Tag: CA root certificate Tag: 97738
  - 7
    - How to Protect Your Credit or Debit Card and Account Number ??? http://the-secured-credit-cards.blogspot.com, To protect your account numbers, be cautious about sharing them, whether purposely or inadvertently. Know where your cards are at all times, and be suspicious of anyone who requests your number over the phone. More resource : http://the-secured-credit-cards.blogspot.com http://the-credit-card-application.blogspot.com Tag: CA root certificate Tag: 97736
  - 8
    - Getting bounced emails that I did not send. For the past few weeks I have been getting a lot of bounced emails that I did not send. They come to both my address and my wife's. They come in spurts. Today I received about 70 in one hour. Then it stopped. It will probably happen again tomorrow. What is happening. Is there a page where this problem is described? Stan Hilliard Tag: CA root certificate Tag: 97729
  - 9
    - Dcom Exploit My Avast online scanner keeps flashing up with a Dcom Exploit 88.107.???.???:135 /tcp (the ???.??? keeps changing. 251.156, 115.154 being two of the combinations.) Am I being targeted by someone. Tag: CA root certificate Tag: 97720
  - 10
    - Virtual PC 2007 (SP1) silently installs vulnerable MSXML6 Hi @ll, one more chapter in the book "How Microsoft lives Trustworthy Computing". NOT! Yesterday the "Virtual PC 2007 Service Pack 1" was published on the Microsoft Download Center. The SETUP.EXE (32 bit) available for download there contains but an outdated and vulnerable MSXML6 (msxml6-KB927977-enu-x86.exe to be precise; notice the ENU, even in the GERMAN SETUP.EXE). This MSXML6 gets installed (in case no newer MSXML6 is already present on the target system) WITHOUT ANY notice even before the first MSI dialog of VPC is displayed, i.e. the users system is altered even if s/he choses to abort the installation (or the installation aborts itself, as is the case on Windows 2000). Where has the QA department been sleeping lately? Stefan PS: "Virtual PC 2007" has the same error too. Tag: CA root certificate Tag: 97719
  - 11
    - Bravesentry.com has hijacked my home pc! I desperately need help! This virus has hijacked my pc to make it look like a program has installed on my pc and is scanning my pc for viruses. It comes up with I believe fake viruses and tells me to purchase and download this software to remove it. It changed my windows so now I don't have administrative rights to uninstall anything. I looked in task manager, and can't find any bravesentry entry, but not sure what else to look for. I tried safe mode, but still have no admin. access. I tried to restore to an earlier time, but that doesn't help. It has installed not only bravesentry, but other stuff I can see on my desktop. I called Geeksquad and they said I would have to bring it in to have it fixed and cost about $200! I have windows xp, sp2 IE6 Dell 8300 (about 4 yrs old) It also has hijaced my internet. I would like to restor to an earlier image of my pc but I don't know how to do that. Anyone else have any advise on how to get my pc back to normal? Tag: CA root certificate Tag: 97716
  - 12
    - Problem with WLAN IAS certificate enrollment -Group policy set to allow autoenrollment -IAS/DC's members of new security group -Certifcate template set to allow enroll and autoenroll for newly created security group -Both IAS/DC's have been rebooted since adding to new group -Domain controller certs have been issued to both IAS servers -Selected automatically enroll certs in Certificates MMC. I have done this a few times now over the past four days...certs are not being issues to the IAS servers for WLAN auth. There are no errors in the application log on the IAS servers or the CA server. Any ideas on how to get this cert issued to both IAS servers? Tag: CA root certificate Tag: 97715
  - 13
    - Token validation is inconsistent Hi, I am having a very wiered problem. I am using kerberos validation. Initially client sents the token to server and sever sends some reply token & demands for next round of validation. And then finally server gives a token that client has to use for further communication with server, handshake complete. This works fine for US AD server, but does not for UK AD server. I am using Windows 2003 server. Please help! Thanks! Tag: CA root certificate Tag: 97712
  - 14
    - Forefront and System center on the same server. Windows 2008 and SQL 2005 SP2 I want to install Forefront client security, Operations Manager 2007 and Configuration manager 2007 on the same server. Will I encounter problems? How can I avoid them? Tag: CA root certificate Tag: 97709
  - 15
    - User permission to open Open files in Computer Management Hi All, I would like to add an 'view' access to an user in Computer Management/Shared Folders/Open Files. (Windows 2003 server). When an user open it (Open Files), he get an error message, that he has not permission to view the open file list from windows clients. I have administrator rights, and I have work it. I cannot get Server Operator rights to this user, because he has to view open files or sessions only. Could someone give me help, how to give appropriate right to the user. Thank You, Attila Tag: CA root certificate Tag: 97708
  - 16
    - Need help with xcals syntax! My problem: I want to grant a user to a folder all accesses except Traverse, Take Ownership and Change Permission. I do not know how to compose command line syntax. ~~~~~~~~~~~~~ There seems to be two XCALS from Microsoft. One is a VBScript xcals.vbs and the other is xcals.exe from 2000 reskit. The two tools do not have exact syntax. However, when I tested xcacls.exe with a folder (xcacls c:\temp\1 /E /T /G guest:EWD), and open Properties Security tab, I get: --------------------------- Security --------------------------- The permissions on x are incorrectly ordered, which may cause some entries to be ineffective. Press OK to continue and sort the permissions correctly, or Cancel to reset the permissions. --------------------------- OK Cancel --------------------------- Tag: CA root certificate Tag: 97707
  - 17
    - Problems with Forefront installation. Windows 2008 Standard SQL 2005 SP2 Standard When running preinstall check I get this errors: Warning: SQL Reporting Services 2005 SP1 is not installed.---it is installed, services are running and Iâ??m able to access the http://server/Reports website. Next error: Task(Install the Collection Database) The following process failed. Process: C:\Windows\system32\msiexec.exe Exit code: 1603Number of tasks completedâ?¦â?¦. any ideas Tag: CA root certificate Tag: 97703
  - 18
    - Problem with creating site server signing certificate template Windows 2008 Iâ??m trying to create a certificate by following directions from here: http://technet.microsoft.com/en-s/library/bb694035.aspx#BKMK_siteserver At the section â??Requesting the Site Server Signing Certificate for the Server That Will Run the Configuration Manager 2007 Site Server To request the site server signing certificate: â?? #5 advanced certificate requestâ??there is no template that I made in My steps are: http://server/certsrv Request a certificate, then advanced certificate, then create and submit a request to this CA. When I click on that link, I get â??In order to complete certificate enrollment, the website for the CA must be configured to use HTTPS authentication.â?? I click OK, and then look in the certificate template, and I donâ??tâ?? see it . Plus where on the CA server do I need to enable HTTPS authentication. IIS 7 is different, and Iâ??m not quite sure where is that option. Another thing is that IE has a yellow bar that said that IE prevented ActiveX and is not giving me an option to enable it. Tag: CA root certificate Tag: 97702
  - 19
    - Does anyone still have Win32Security.dll from gotdotnet? I have a need to set file security in a small app for a customer but have to do it in Visual Studio 2003. So the new security classes in 2.0 are not available to me. I remember I once used a user sample called Win32Security (created Microsoft guys) from gotdotnet. Now gotdotnet is shutdown and moved to MSDN - without all user samples moved to the new site! I wonder if anyone still has Win32Security.dll and can kindly please send me a copy. Thanks. Tag: CA root certificate Tag: 97697
  - 20
    - Command for changing file security? I'd like to know if there is a command to let me change file security in console window. Thanks. Tag: CA root certificate Tag: 97682
  - 21
    - How to prevent users from deleting Word/Excel files in a Share? Anyone know how to prevent users from deleting files/folders (Word/Excel files) but still allow them to edit and save them? I setup a test share on a Win2K3 Server. Remove all rights for all users except for the admin group. At the NTFS security tab I grant a group Modify, Read/execute, list, read and write permissions. Then in the advance/special permissions tab I enable the deny delete subfolders and files right. I then create a word doc and it allws me to create it and edit it but the temp file dont get deleted. If an Excel file gets edited and saved we get an error the the folder is marked as read only. So at a high level I wnt to prevent users from deleting MS Office docs but still edit them. I know the users can still open then and delete the contents of the file itself but I can live with that...any suggestions? Thank you, Tag: CA root certificate Tag: 97681
  - 22
    - impersonation for active directory userid fails Hi, Is there a particular property/permission I need to assign to a userid within active directory so that I can user impersonation? I ran into a situation where one particular userid cannot be impersonated but this program has been successfully doing impersonation for quite some time. The LastError message is Logon failed but when I login manually using the userid on this particular machine it is able to login. This leads me to believe there is a local security setting or an AD setting that is preventing me from impersonating. I hope this email makes sense :-). Thanks in advance. Tag: CA root certificate Tag: 97676
  - 23
    - I am looking for the classic "Send Keys" program Gurus, I am looking for the classic "Send Keys" program, to work on either Windows XP or Windows Server 2003, but I want to download it from a site which is virus and ad-ware free. Any suggestions? -- Spin Tag: CA root certificate Tag: 97668
  - 24
    - adware-spyware computer behaves erratic I formated my computer and installed fresh operating system. When I open an internet explorer and browse some adware get installed and my desktop seems to be hijacked some ads gets displayed on my desktop.When I open a browser some unknown sites get opened. Please give me real solution for this and wht i need to do. Anil Tag: CA root certificate Tag: 97665
  - 25
    - Q: NTFS Encryption Suppose someone wanted to set up a database and the DB starts as a service when the computer is booted. The database directories are encrypted using NTFS encryption. As I understand it, the secret key for the encryption is "protected" using the password of the account who originally encrypted the files (the encryption key is itself encrypted with the user's password). When the DB service is created, the user enters the DB password so that the serrvice can start and can decrypt its files, without the user having to enter the password every time the machine is rebooted. That DB password MUST be stored somewhere on the hard drive, otherwise the encryption key could not be recovered and the files would be unreadable. Now I understand that if you removed the hard drive from the original computer and placed it in a new computer as a secondary drive, if the new computer is also running Windows, you will not be able to recover the DB password and so will not be able to read the DB encrypted files. But, support you placed that drive in a Linux machine. Could you not find the DB password (it MUST be some place on the drive), and with that, decrypt the DB encryption key and get access to the encrypted files? Where is the flaw in my logic? Tag: CA root certificate Tag: 97662
- Next
  - 1
    - Patches installing during shutdown I've had a couple times when I tried to shut down but Windows said it had to install updates and then shutdown. Which it did okay. I'm confused what the setup has to do with this. If you have Automatic Updates on, it could be fully automatic or it could be "Notify but don't install right away." Do these two settings have to do with whether or not it will install during shutdown? If it is fully automatic, you can also set a time, and I think the time selected can cause Windows to update during shutdown. Tag: CA root certificate Tag: 97655
  - 2
    - Existing untrusted Root CA I have a Win2003 AD domain with an untrusted root CA (it is installed on a DC) that I would like to remove. I have already built a new offline root CA and online enterprise issuing CA in this domain. My DCs and ISA servers (same machines) are not getting the domain controller certificates or ISA certificates. I believe this is because of the existing untrusted certificate already assigned to the computer account in AD but I'm not positive. Both DCs (again ISA as well) are members of the Cert Publishers security group. Do I need to remove the existing CA to get the domain controller certificate from the new issuing CA to install correctly? If so, what are the proper steps in removing the CA? There is only one certificate that is still in use for this CA and it is for a test webserver. Thanks for your help! Randy Smith Tag: CA root certificate Tag: 97653
  - 3
    - Creating Site Server Signing Certificate Template Windows 2008 Iâ??m trying to create a certificate by following directions from here: http://technet.microsoft.com/en-us/library/bb694035.aspx#BKMK_siteserver Creating and Issuing the Site Server Signing Certificate Template on the Certification Authority On #15, I ran into problem, my server is standard edition; I did an upgrade to enterprise over standard (without reinstalling OS) #15 In the Enable Certificate Templates dialog box, select the new template you have just created, ConfigMgr Site Server Signing Certificate, and then click OK. I donâ??t see the certificate template that I just created even after upgrading to enterprise and redoing the template. Any ideas/suggestions? Tag: CA root certificate Tag: 97641
  - 4
    - Test environment Hello, does anyone know if it is documented anywhere that a test environment should be physically and logically seperated from the production environment? Thank you, Richard Tracy Tag: CA root certificate Tag: 97638
  - 5
    - Any advantages by running a two-level certificate solution? Hi I'm looking into creating a two-level certificate hierarchy and I'm just wondering, are there any advantages by running this as opposed to a single-level CA certificate? A three-level hierarchy (which is what Microsoft docs seem to advocate) is an overkill for my intended use of a CA. I want to set up a CA solution that's as secure as possible without using HW based crypto units or a three-level CA hierarchy. That's why I am wondering if a two-level CA hierarchy will do the job. All my issuing CA's will be issuing the same type of certificates. If the certificate of the issuing certificate CA is compromised, do I need to rebuild the entire hierarchy? Any best-practices out there for a two-level CA solution? Other things I should be aware of? Thanks, L. Tag: CA root certificate Tag: 97637
  - 6
    - Password complexity Hello: I have an enterprise with multiple domains. The domains have Windows NT, Windows 2000 and Windows 2003. The Windows servers have software applications running as services. Most services have a local account and a few services have a domain account. I have a project to strengthen passwords. My goal is to implement a password complexity policy on the local and domain accounts. Is there a third-party product that can do this task? Thanks, Mark Tag: CA root certificate Tag: 97635
  - 7
    - Bypassing domain and OU GPO settings using the Security Configuration and Analysis MMC Gurus, This is a re-post of a message sent solely to the group_policy NG. I'm copying a wider audience here to engage some discussions amongst you IT Security Managers/security consultants out there. Running Windows Server 2003 SP2 in a single Active Directory domain (Lab environment). I am experimenting with the Group Policy Security database, secedit.sdb If you run the Setup Security INF in the Security Configuration and Analysis Snapin against this database, you will bring your system back Windows security default settings and it will remain that way until the next Group Policy Refresh interval. You must be an admin on the machine to do this. My question is, isn't this a security risk in it's own right, bypassing domain and OU GPO settings? A respondent in the Group Policy newsgroup (Marcin) stated that if my sole goal is to prevent use of Security Configuration and Analysis, I have ability to restrict access to arbitrarily selected snap-ins via GPO. In addition I could restrict ability to execute Secedit (which one can do by following http://support.microsoft.com/kb/323525). While I agree this is a major technical challenge, has anyone else in these other NGs I've copied on this message ever worried about this? Or should I just let it pass? -- Spin Tag: CA root certificate Tag: 97629
  - 8
    - url locations of patches and md5 hash Iâ??ve been trying to find a central location of where the url locations of patches for different languages and the md5 hash. Havenâ??t found such a website at Microsoft but would appreciate anyone that could point me in the right direction. Tag: CA root certificate Tag: 97628
  - 9
    - How to monitor privileged user access? Hi all. Please excuse me if this issue has been covered before, I searched but couldn't find any substantial answer. I have 10-15 privileged users accessing my network from outside (through FW, via VPN). They access the network and perform various tasks such as maintaining my Exchange servers and so on. 2 weeks ago I had issues with some AD objects that have been deleted from the AD. The user responsible for AD management claimed he did not do it, and this has brought up my question: How would you suggest that I monitor these users' actions? I have around 100 servers and I would like to know what they did. Thanks, Jim Tag: CA root certificate Tag: 97624
  - 10
    - DNS and DSL modem I normally use a Speedtouch 585 DSL modem/router. Sometimes, I connect to another modem when I'm on the road. I think it's a Linksys (not sure if it matters). When connecting to this other modem, I have to enable a rule that allows UDP connections from an ISP IP (port 53) to services.exe. According to http://groups.google.com/group/microsoft.public.inetserver.iis.security/browse_frm/thread/276127f9eb548070/e4ba0568c9fdaaff these are DNS responses (confirmed by ipconfig /all). However, the DNS servers are normally my Speedtouch 585 rather than an ISP IP. Is this normally a configurable modem setting? Tag: CA root certificate Tag: 97619
  - 11
    - Windows Firewall and Norton 360 both report that they are turned o iIn Vista, SP1, Windows Security Center, under the Firewall tab, it reports that both Windows Firewall and Norton 360 are "on". I'm not aware that there is any Norton software installed on this machine. The Norton Removal program won't run, claiming the directory name is invalid. The main higher-level symptom I experience is that it is not possible to run Remote Desktop; the connection can't be established, which usually is a firewall problem. I'm connected directly to the cable modem, no router in between. Got any ideas? Tag: CA root certificate Tag: 97616
  - 12
    - certificate Services will not startup on specified port Hello All, I hope you can help: I keep seeing errors when I setup a Enterprise CA. The Certsvc request is configured in component services to utilize port 2000 (lets say), and rpc ports are restricted to a range of ports. (usually 100 ports are allocated). However, The CA process is usually found on a port in the rpc range instead of being on the port specifically allocated to it (2000). This causes Autoenrollment of certificates to not occur unless i reset the configuration in component services to default. Upon further investigation, i found that the DHCP server service loves to grab the 2000 port, and this then forces forces the CA service to take a port within the rpc range. The question becomes: Can I force the CA to always grab port 2000 before anything else takes it? thanks in advance. Tag: CA root certificate Tag: 97613
  - 13
    - Vulnerable, Outdated, Dangerous DLLS Does anyone know of a comprehensive list of dlls that are considered dangerous, outdated, and vulnerable? As an alternative, are there online (or installable) software routines which look for such dlls and warn about their presence? I am trying to do a quick scan to satisfy myself that a storage disk which contains an outdated "Program Files" folder does not have vulnerable dlls buried in one of the "Common" folders endemic to Windows which clearly save space but make such dlls much harder to find. Thanks, baumgrenze Tag: CA root certificate Tag: 97612
  - 14
    - Windows Defender History Hi all, WXP Sp3 I'm unable to access Windows Defender History. Installing it againg didn't work. Any help? Thanks, Andrea Tag: CA root certificate Tag: 97608
  - 15
    - Enrollment Agent & Smart Card Certificate Templates Best practices? Hi Folks, We are working towards enabling smart-card logon in one of our child domains and I was curious if anyone has some best practices they would like to share as far as the Enrollment Agent & Smart Card Certificate Templates. I have the Microsoft Press Server 2003 PKI book on the way, but it isn't here quite yet. I will be duplicating the existing EA template and assigning it to their issuing CA. I will then changing the permissions on it to only be available to the EA security group in the domain. Should I mark the existing unused Enrollment Agent template as superseded by this one or leave it alone? When they are done with EA enrollment, I'll pull the template from the issuing CA, but not delete it from AD. I will also be duplicating the Smart Cart template and assign it to their issuing CA I will also lock it down to their EA security group and require a Certificate Request OID for any request. What else should I consider? I know there is probably a ton which should be sifted through, but it is becoming a bit of a rush job for something I fully feel should NEVER EVER be a rush job. These things take planning, but I'm stuck learning with trial by fire here. *The offline Root CA is 2003 Enterprise. *The existing Issuing CA is 2003 Enterprise. (Using this to duplicate the template) *The new Issuing CA they'll be using is Server 2008 Enterprise. (Not yet online, later today probabaly) Thank you! p.s. They want to do certs for WLAN Vista clients & WAPs too, but I'll post a different thread for that. Tag: CA root certificate Tag: 97599
  - 16
    - Trying to manually generate a windows security event hello: I am trying to generate event 536 - The NetLogin component is not active. I have tried to disable that service, but I still can login and the event is not generated. Does anyone know how to get this event to generate? Thanks Tag: CA root certificate Tag: 97597
  - 17
    - Security issue sharing folders on local network? I am running a local network with 3 machines, administrated and used only by myself. I prefer to run as the "Administrator" user on all 3, because its much easier to install new software, and set up folder sharing. I have set up file shares so that only the "Administrator" user is allowed access (not even the Administrators group). I notice that even if my Admin password is different on each machine, I can still access the shared files. I thought this was supposed to be impossible? Shouldn't it require the same password to access the files. Otherwise, it seems anyone with an "Administrator" user name and access to my network could get at my files? Tag: CA root certificate Tag: 97593
  - 18
    - Virus or not Virus? When I scan my PC using F-Secure, I find no virus, but when I use the online Norton anti-Virus, I find following infected files. our computer is infected with at least one known virus or Trojan horse. Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information C:\WINDOWS\Downloaded Program Files\UERSR_0001_N91M2407NetInstaller.ex... is infected with WinFixer C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe is infected with ErrorSafe C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSR_0001_N91M2407NetI... is infected with WinFixer C:\backup_carman\Radmin\r_server.exe is infected with Remacc.Radmin Tag: CA root certificate Tag: 97592
  - 19
    - how to success OpenScManager for local machine when logged in with a user don't have administrator privileges Hello All, I logged in as a local user which do not have administrator privileges on Vista. Then I tried to use: LogonUserA(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, &token); ImpersonateLoggedOnUser(token); OpenSCManagerA(machine, NULL, SC_MANAGER_CREATE_SERVICE); It successed when the target machine is a remote machine, but failed for the machine itself. I guess LOGON32_LOGON_NEW_CREDENTIALS use the credentials I put for the remote connection but not for the local, so I have tried change LOGON32_LOGON_NEW_CREDENTIALS to some other values but it can't work. Is there some other solution for this? Thanks, tianc Tag: CA root certificate Tag: 97591
  - 20
    - Big folder of exe files Hi group, I want to encript a very huge folder of my hard disk, that contain my installer files, i.e, exe, msi files, etc, but I m a bit worried that encripting them could affect the original files. I shall to use XP encription. comments, suggestions? thanks very much in advance, Carlos. Tag: CA root certificate Tag: 97589
  - 21
    - Updating Trusted Root CA If you are working on a "legacy" system on windows; where do you go to for an update of the trusted root CA lists? If any have expired or have gone...with the wind, should I delete or let an update program perform this action? Are the Intermediate CA's being updated also? tia-maria Tag: CA root certificate Tag: 97587
  - 22
    - Account/Password Policy Using GPO Not Working Hello All, I have a Windows 2003 AD based domain with primary and backup domain controllers. Client workstations are 95% Windows XP, 4% Mac, and 1% Windows 2000. I modified the default domain policy to set password minimum requirements and expiration as well as account lock-outs. However, these policies are not taking effect on any workstation (I understand the Macs are pretty much out of the picture for this). I have done this before on other domains successfully. Other existing group policy objects are working fine, both within the default domain policy and other add-on policies for proxy servers, WSUS, etc. When I review the RSoP, I receive an error within the Security section of the Component Status stating, "Security failed due to the error listed below and failed to log the resultant set of policy information." However, there is no "error listed below" Any help would be greatly appreciated. Tag: CA root certificate Tag: 97583
  - 23
    - Store private key in assembly Hi! I want to know if there's any way to store a private key into an assembly. I want to encrypt the comunication between COM object and .Net object and to do this I want to use a simetric algorithm, and both objects need to know the private key. Using Reflector tool is very easy to know the private key. How can I protect this information inside the assembly????? Code ofuscation is the unique way to protect the key???? Thanks Tag: CA root certificate Tag: 97582
  - 24
    - MBSA 2.1 RELEASED The latest version of Microsoft Baseline Security Analyzer 2.1 has been released for immediate download at http://www.microsoft.com/downloads/details.aspx?FamilyID=F32921AF-9DBE-4DCE-889E-ECF997EB18E9. Please see the MBSA Home Page (www.microsoft.com/mbsa) for more details. MBSA 2.1 Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security standards. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS), System Center Configuration Manager (SCCM) 2007, and Small Business Server (SBS). Used by many leading third party security vendors and security auditors, MBSA on average scans over 3 million computers each week. Join the thousands of users that depend on MBSA for analyzing their security and security update compliance. New Features found in MBSA 2.1: . Support for Windows Vista and Windows Server 2008 . Updated graphical user interface . Full support for 64-bit platforms and vulnerability assessment (VA) checks against 64-bit platforms and components. . Improved support for Windows XP Embedded platform . Improved support for SQL Server 2005 vulnerability assessment (VA) checks . Automatic Microsoft Update registration and agent update (if selected) using the graphical interface or from the command-line tool using the /ia feature . New feature to output completed scan reports to a user-selected directory path or network share (command-line /rd feature) . Windows Server Update Services 2.0 and 3.0 compatibility Noteworthy changes for users of earlier versions of MBSA: By customer request, the automatic distribution of the latest Windows Update Agent (WUA) client to client computers when scanned by MBSA has been disabled by default in MBSA 2.1. MBSA 2.1 will not install any updated Windows Update Agent binaries on a target computer without consent from the administrator using the MBSA scan tool. This may prevent MBSA from successfully scanning computers that don't have the latest WUA client installed. To increase the number of computers MBSA can assess, Administrators and security auditors are encouraged to select the option to 'Configure computers for Microsoft Update and scanning prerequisites' which was the default behavior in earlier versions of MBSA. The corresponding command-line feature to automatically update the WUA client has been added with the new /ia command-line option. Customers also requested the ability to output completed MBSA scan reports to a directory or network share of their choosing. This has been implemented in the command-line version of MBSA (mbsacli) only (not the graphical version) using the new /rd feature. Upgrade to MBSA 2.1 today. If you have any questions regarding MBSA, feel free to post them to the MBSA newsgroup at microsoft.public.security.baseline_analyzer. -- -- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for support on the Microsoft Baseline Security Analyzer (MBSA). Information is available at the following link: http://support.microsoft.com/default.aspx This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: CA root certificate Tag: 97575
  - 25
    - Suddenly All users are allowed VPN access!! ISA Server 2004 SP3 Windows 2003 SP2 On Active Directory:........ AD User DIal-In Tab has "Allow Access through Remote Access Policies" By default. On the ISA:...... Remote Access Policies IN the "ISA Server Default Policy", the "Policy condition" has the "Domain Users" group Action "Grant Remote Access Permission" What is wrong? what of the above isn't a default? I didn't change any of the settings!! Any explanation?? Regards,NN Tag: CA root certificate Tag: 97574

Hi to all. This is my first post and my first step to the PKI
knowledge.
Someone have asked me if there is a way to make the Root Certificate
not exportable so only the one who have installed this certificate in
the machine can access via PEAP to the wifi network and in the same
time the user cannot pass this certificate to another PC.
A kind of security enanchement.
Ok...i think i have the answer and it's NO, but to be honest I'm too
new to this topic and I wont to be sure.

Thank for your intrest and sorry for my bad english

Top

Re: CA root certificate by S

S
Fri May 23 05:07:00 CDT 2008

You're right - the answer is resounding no. Certificate is public
information. It is presented to anybody requesting PEAP connection.

What you're looking for if protected private key. Use EAP-TLS instead of
PEAP, put the client certificate (along with private key) on a smart card
and that achieves the outlined goal.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

<michele.gullia@gmail.com> wrote in message
news:f8501c23-1edd-4300-a1d3-e7b63168714c@z72g2000hsb.googlegroups.com...
> Hi to all. This is my first post and my first step to the PKI
> knowledge.
> Someone have asked me if there is a way to make the Root Certificate
> not exportable so only the one who have installed this certificate in
> the machine can access via PEAP to the wifi network and in the same
> time the user cannot pass this certificate to another PC.
> A kind of security enanchement.
> Ok...i think i have the answer and it's NO, but to be honest I'm too
> new to this topic and I wont to be sure.
>
> Thank for your intrest and sorry for my bad english

Top