A seguir


3.2 Supersede User certificate template Smart Card Logon Enterprise Subordinate WS 2008 R2 Windows 7

6 Visualizados
oguiadacidade
0
Publicado em 08 May 2019 / Em Pessoas e Blogs

https://marvel-it.icu/iiamwad-implementing-identity-and-access-management-in-windows-server-active-directory/supersede-user-certificate-template-smart-card-logon-enterprise-subordinate-ws-2008-r2-windows-7<br />http://www.youtube.com/watch?v=Orosx74POL8<br /><br />According to the part 1 about Configuring Active Directory Certificate Services Certificates, you now have a first experience with the AD CS, CAs, certificates as well as why we need Certificate Templates to simplify the issuance.<br />However, let's consider this scenario:<br />Some users in the organization are required to travel frequently. These users require access to network resources of your AD domain from any of the branch offices or across the public network. In addition, these users can use any machine to get access to the network resources. For this, you have to ensure that these users are authenticated and authorized from anywhere to access the network resources.<br />Therefore, you should decide to enroll these users for a certificate that can be embedded on a plastic chip.<br /><br />[00:10] It's called Smart Card, we use it in conjunction with passwords to create layers of protection without further complexities in usage.<br />Remember that, we can't use the previous certificate to use with this secure media because a certificate is designed to use with the particular purpose(s), our old one is used for: Client Authentication, Secure Email, and EFS.<br /><br /><br />[00:18] That's why we need to use another template with the Smart Card Logon application policy.<br /><br /><br />[00:31] We will do this configuration on the Subordinate Enterprise CA Windows Server 2008 R2 because the Standalone Root doesn't utilize certificate templates.<br />[00:37] "Stand-Alone Certification Authorities" - technet.microsoft.com<br />http://bit.ly/stand-alone-CA-TN<br /><br /><br />[00:41] Navigate through the Certificate Templates section of Certificate Authority certsrv MMC console.<br />Then enter the Manage menu to open the CTs Console.<br /><br /><br />You can create certificate templates with advanced properties. However, not all Windows CAs support all certificate template properties. Select the version of Windows Server (minimum supported CAs) for the duplicate certificate template.<br />Windows Server 2003/2008 Enterprise<br />We will duplicate the User template instead of modifying the SnoOpy-User of part 1 to do further demonstrations on the template supersede.<br /><br />[00:55] You should check out the part 1 to learn more about this CT duplication.<br /><br /><br />[01:04] "Supersede Templates" - technet.microsoft.com<br />http://bit.ly/supersede-template-TN<br /><br /><br />Build from this Active Directory information<br />Select this option to enforce consistency among subject names and to<br />simplify certificate administration.<br />Subject name format: Fully distinguished name<br />Include e-mail name in the subject name<br />Include this information in the alternate sub...<br /><br />[SHAZAM]<br />http://shazam.marvel-it.icu/s=d486afb0&f=VpWrMb6X<br /><br />http://marvel-it.icu<br />Do not forget to<br />LIKE, SHARE, SUBSCRIBE<br />and feel free to ask me questions or discuss with everyone :]

Mostra mais
Comentário Facebook

A seguir