Chapter 9 Deploying IIS and Active Directory Certificate Services

Presentation transcript:

Chapter 9 Deploying IIS and Active Directory Certificate Services
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646)

Learning Objectives
- Install, configure, and troubleshoot Microsoft Internet Information Services (IIS)
- Install, configure, and troubleshoot Active Directory Certificate Services

Implementing Microsoft Internet Information Services
- Internet Information Services (IIS)
  - Included with Windows Server 2008
  - Offer a complete Web site
- Benefits
  - Fast
  - Use of software applications to coordinate with an IIS server
- Internet Server Application Programming Interface (ISAPI)
  - Group of DLL (dynamic link library) files that are applications and filters

Implementing Microsoft Internet Information Services (cont’d.)
- Web Server (IIS) role
  - Contains the World Wide Web services which are vital for a Web site
- File Transfer Protocol (FTP) service
  - TCP/IP-based application protocol that handles file transfers over a network
- Simple Mail Transfer Protocol (SMTP)
  - Works with e-mail services to accept incoming e-mail from the Internet and forward it to the recipient

Implementing Microsoft Internet Information Services (cont’d.)
- Reasons Windows Server 2008 is a good candidate for a Web server
  - Privileged-mode architecture
  - Fault-tolerance capabilities
  - Compatible with small and large databases
  - Users can log into a database through the IIS Open Database Connectivity (ODBC) drivers
  - Compatible with:
    - Microsoft Point-to-Point Encryption (MPPE) security
    - IP Security (IPsec)
    - Secure Sockets Layer (SSL) encryption technique

Implementing Microsoft Internet Information Services (cont’d.)
- IIS newly designed for Windows Server 2008
  - Broken into modules or features (role services)
  - Install only the features you need
    - Smaller attack surface
    - More efficient

Implementing Microsoft Internet Information Services (cont’d.)
Table 9-1 Internet Information Services features (role services)

Installing a Web Server
- Requirements
  - Windows Server 2008 installed on the computer to host IIS
  - TCP/IP installed on the IIS host
  - Access to an Internet Service Provider (ISP)
  - Sufficient disk space for IIS and for Web site files
  - Method for resolving IP addresses to computer or domain names
    - DNS and WINS

Installing a Web Server (cont’d.)
- Activity 9-1: Installing IIS
  - Objective: Learn how to install IIS

Internet Information Services (IIS) Manager
- Capabilities
  - Connect to a Web server
  - Manage a Web server
  - Manage ASP.NET
  - Manage authorization for users and for specific Web server roles
  - Manage Web server logging
  - Compress Web server files
  - Manage code modules and worker processes
  - Manage server certificates
  - Troubleshoot a Web server

Internet Information Services (IIS) Manager (cont’d.)
Figure 9-1 Using IIS Manager (Courtesy Course Technology/Cengage Learning)

Creating a Virtual Directory
- Physical folder or a redirection to a Uniform Resource Locator (URL) that points to a folder
- Can be accessed over the Internet, an intranet, or VPN
- Reason for creating a virtual directory
  - Provide a shortcut path to specific IIS server content
- Steps to set up a virtual directory

Creating a Virtual Directory (cont’d.)
Table 9-2 Virtual directory security options

Creating a Virtual Directory (cont’d.)
Figure 9-2 Properties of a virtual directory (Courtesy Course Technology/Cengage Learning)

Creating a Virtual Directory (cont’d.)
- Set up the virtual directory to be shared
  - So that users who need access to add contents to the directory can do this over the network
- Activity 9-2: Create a Virtual Directory
  - Objective: Set up a virtual directory

Creating a Virtual Directory (cont’d.)
Table 9-3 Virtual directory share permissions

Figure 9-3 Creating a virtual directory (Courtesy Course Technology/Cengage Learning)

Managing and Configuring an IIS Web Server
- Manage IIS components including:
  - Application pools
    - Group similar Web applications for management
  - Sites
    - Manage multiple Web sites from one administrative Web server
  - SMTP E-mail
    - Manage Internet e-mail
  - Certificates
    - Configure and monitor certificate security used with other Web sites

Managing and Configuring an IIS Web Server (cont’d.)
Figure 9-5 Application Pools in IIS Manager (Courtesy Course Technology/Cengage Learning)

Managing and Configuring an IIS Web Server (cont’d.)
Table 9-4 Web site features to configure

Managing and Configuring an IIS Web Server (cont’d.)
- Activity 9-3: Configuring a Web Site
  - Objective: Learn basic Web site configuration
Figure 9-6 Enabling directory browsing (Courtesy Course Technology/Cengage Learning)

Troubleshooting a Web Server
Table 9-5 Troubleshooting IIS

Using Active Directory Certificate Services
- Public key infrastructure (PKI)
  - Linking a public key or a combination of public and private keys to a user or network entity
  - Uses a certificate authority to issue public key-based digital certificates to trustworthy network entities
- Certificate authority (CA)
  - Network entity or host that issues digital certificates of trust verifying certificate holders’ legitimacy

Using Active Directory Certificate Services (cont’d.)
- Public key
  - Encryption method that uses a public key and private key combination
- Asymmetric encryption
  - One key used to encrypt the data, and the other key used to decrypt it
- Public key/private key method
  - Uses an encryption algorithm developed by Whitfield Diffie and Martin Hellman

Using Active Directory Certificate Services (cont’d.)
- X.509 standards for digital certificates
  - Developed by International Organization for Standardization (ISO)
  - Function as proof of identity for a specific network entity

Using Active Directory Certificate Services (cont’d.)
- X.509 certificate contains:
  - Certificate format version
  - Certificate serial number
  - Signature algorithm identifier
  - Certificate authority (certificate issuer)
  - Length of time the certificate is valid
  - ID of the certificate holder
  - Public key data

Using Active Directory Certificate Services (cont’d.)
- Active Directory Certificate Services role
  - Available in Windows Server 2008 Standard, Enterprise, and Datacenter Editions
- Online Responder Service
  - Determines the status of digital certificates
  - Uses the Online Certificate Status Protocol (OCSP) to obtain and decode status information

Planning Active Directory Certificate Services
- Understand the four kinds of CAs that can be set up in a Microsoft server environment
  - Enterprise root CA
  - Enterprise subordinate
  - Standalone root
  - Standalone subordinate
- Root CA is always configured before any other CAs

Planning Active Directory Certificate Services (cont’d.)
Figure 9-7 CA hierarchy (Courtesy Course Technology/Cengage Learning)

Planning Active Directory Certificate Services (cont’d.)
- Implement enterprise root CA and enterprise subordinates
  - Not standalone model
- Take into account the ways in which an organization can make most use of AD CS
- PKI with multiple subordinate CAs has built-in redundancy

Planning Active Directory Certificate Services (cont’d.)
- Role services for Active Directory Certificate Services:
  - Certificate Authority
  - Certification Authority Web Enrollment
  - Online Responder
  - Network Device Enrollment service

Certificate Services Roles
- Recommended to divide responsibilities for handling money and important security tasks in an organization
- AD CS enables dividing CA responsibilities into two roles:
  - CA administrator
    - Person or persons who manage the CA server
  - Certificate manager
    - Given to those who determine which users to enroll for certificates and when to revoke certificates

Installing Active Directory Certificate Services
- Active Directory Certificate Services installed in the same way as other server roles
  - Using Server Manager
- Activity 9-4: Installing Active Directory Certificate Services
  - Objective: Learn how to install Active Directory Certificate Services

Installing Active Directory Certificate Services (cont’d.)
Figure 9-8 Configuring an enterprise CA (Courtesy Course Technology/Cengage Learning)

Managing Active Directory Certificate Services
- Certification Authority tool tasks
  - Set up CA security
  - Assign certificate managers
  - Start or stop the CA
  - Back up the CA
  - Restore the CA
  - Renew a CA certificate
  - View revoked, issued, failed, and pending certificates

Managing Active Directory Certificate Services (cont’d.)
- Activity 9-5: Using the Certification Authority Tool
  - Objective: Learn how to use the Certification Authority tool

Figure 9-11 Security tab (Courtesy Course Technology/Cengage Learning)

Using Autoenrollment
- Clients automatically enrolled for appropriate certificates as specified by certificate template
- Set up in a two-step process
  - Configure autoenrollment in a certificate template
  - Configure a group policy to enable autoenrollment
- Three levels of certificate templates
  - Level 1 does not support autoenrollment

Using Autoenrollment (cont’d.)
- Activity 9-6: Configuring a Certificate Template for Autoenrollment
  - Objective: Set up an existing certificate template for autoenrollment
- Activity 9-7: Configuring a Group Policy for Autoenrollment
  - Objective: Set up the autoenrollment group policy

Using Autoenrollment (cont’d.)
Figure 9-15 Configuring the autoenrollment policy (Courtesy Course Technology/Cengage Learning)

Using Credential Roaming
- When user logs into the network
  - Digital certificate information stored on the user’s computer is automatically synchronized with the digital certificate information for that user stored in Active Directory
- Configured as a group policy

Using Credential Roaming (cont’d.)
- Circumstances that launch synchronization through credential roaming
  - When the client or Active Directory synchronize group policy settings
  - When digital certificate information is updated
  - When a user unlocks an account that has been automatically locked

Using Credential Roaming (cont’d.)
- Activity 9-8: Configuring a Group Policy for Credential Roaming
  - Objective: Set up a group policy for credential roaming
Figure 9-16 Enabling credential roaming (Courtesy Course Technology/Cengage Learning)

Network Device Enrollment Service
- Enables routers, switches, and other network devices to be enrolled for digital certificates through a CA
- Uses the Simple Certificate Enrollment Protocol (SCEP) and standardized X.509 digital certificates

Web Enrollment Service
- For organizations that enable users to access network resources through the Web
  - Rather than through user accounts
- Requires IIS be installed before installing Web Enrollment
- Clients must use Internet Explorer version 6 or higher
- Can be used only with Level 1 or 2 certificate templates

Online Responder Service
- Service relies on OCSP (Online Certificate Status Protocol)
  - Determine if a certificate is revoked
- One of two ways network applications determine which network entities have revoked certificates
  - Other way is to use certificate revocation lists (CRLs)
- Benefits
  - Faster determination and better security
  - Can be used in conjunction with CRLs

Online Responder Service (cont’d.)
- Benefits (cont’d.)
  - Can be used with Kerberos password security
  - Compatible with Web enrollment
  - Uses CryptoAPI 2.0 infrastructure to provide high level of security

Certificate Revocation Lists
- List of certificates that have been revoked
- CRL issuer is a CA
- CRL issued to client applications and devices which cache the CRL for future reference until the next CRL is issued
- Default method for determining certificates that have been revoked

Figure 9-17 Extensions tab (Courtesy Course Technology/Cengage Learning)

Figure 9-18 Configuring the CRL publication interval and delta CRLs (Courtesy Course Technology/Cengage Learning)
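
Added example (not part of the original slides): a PowerShell function that reads the X.509 fields listed on the earlier slide from each certificate in a store and asks Windows to check revocation, which CryptoAPI resolves through the CRL or OCSP locations named in the certificate. The function name, the default store path and the 30-day warning window are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example, not from the slides.
# Get-CertificateStatusReport, the default store and the 30-day window are assumptions.
function Get-CertificateStatusReport {
    [CmdletBinding()]
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',  # certificate store to inspect
        [int]$WarnDays = 30                            # flag certificates expiring within this many days
    )

    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Ignore anything that is not a certificate (for example, child store containers).
        if ($cert -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) { continue }

        # Build the chain up to the root CA and check revocation for every certificate in it.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
        $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
        $chainValid = $chain.Build($cert)
        $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        $chain.Reset()

        # Separate "revoked" from "could not be determined": an unreachable CRL or
        # OCSP responder is not the same as a certificate that is known to be good.
        if ($flags -contains 'Revoked') {
            $revocation = 'Revoked'
        } elseif (($flags -contains 'RevocationStatusUnknown') -or ($flags -contains 'OfflineRevocation')) {
            $revocation = 'Unknown (no CRL or OCSP response available)'
        } else {
            $revocation = 'Not revoked'
        }

        $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)

        # One object per certificate; the first eight properties are the X.509 fields from the slide.
        [pscustomobject]@{
            Version            = $cert.Version
            SerialNumber       = $cert.SerialNumber
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            Issuer             = $cert.Issuer
            NotBefore          = $cert.NotBefore
            NotAfter           = $cert.NotAfter
            Subject            = $cert.Subject
            PublicKeyAlgorithm = $cert.PublicKey.Oid.FriendlyName
            DaysRemaining      = $daysLeft
            ExpiresSoon        = ($daysLeft -le $WarnDays)
            ChainValid         = $chainValid
            Revocation         = $revocation
            ChainStatus        = ($flags -join ', ')
        }
    }
}

# Usage: list server certificates, soonest expiry first.
Get-CertificateStatusReport |
    Sort-Object NotAfter |
    Format-Table Subject, NotAfter, ExpiresSoon, Revocation -AutoSize
```

A result of "Unknown" usually means the CRL distribution point or the Online Responder could not be reached from that host, which is worth fixing before it is needed during an incident.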

Summary
- Implement Internet Information Services (IIS)
  - Create a Windows Server 2008 Web server
- After installing a Web server, configure it to customize features
- Public key infrastructure (PKI)
  - Use public and private keys through digital certificates
  - Ensure users can be trusted
- Active Directory Certificate Services (AD CS)
  - Implements a PKI using enterprise root and enterprise subordinate certificate authorities

Summary (cont’d.)
- Certification Authority tool
  - Manage a CA
- Configure Network Device Enrollment Service for added security
- Credential roaming
  - Enables a user to log on from any computer and still operate with the same digital certificates
- Online Responder Service and CRLs
  - Provide information about revoked digital certificates