Chapter 10: CERTIFICATE SERVICES AND SECURE AUTHENTICATION


OVERVIEW
- Describe public key encryption
- Describe the contents of a certificate
- Describe the function of a certificate authority (CA)
- List the types of certificates a Microsoft Windows Server 2003 CA can issue

OVERVIEW (CONTINUED)
- Describe the structure of a CA hierarchy
- List the differences between enterprise and stand-alone CAs
- Configure certificate parameters
- Understand the benefits and limitations of password policies
- Administer and troubleshoot authentication

INTRODUCING THE PUBLIC KEY INFRASTRUCTURE
- A PKI is a collection of software components and operational policies that govern the distribution and use of public and private keys using digital certificates.

UNDERSTANDING SECRET KEY ENCRYPTION

ENCRYPTING DATA

DIGITALLY SIGNING DATA
- Digital signing refers to the process of using your private key to encrypt all or part of a piece of data.
- Digitally signed data, encrypted with your private key, can be decrypted only by using your public key.
- Digital signing prevents other users from impersonating you by sending data in your name.

VERIFYING DATA
- Hash values, or checksums, are used to guarantee that the data has not been modified since the hash value was created.
- The receiving system verifies the hash value to determine whether the data has been altered.

UNDERSTANDING CERTIFICATE CONTENTS
- Digital certificates contain the public key for a particular entity plus information about the entity.
- Almost all certificates conform to the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) standard X.509 (03/00), "The Directory: Public-Key and Attribute Certificate Frameworks."
- Standardization of the certificate format is important; otherwise, the exchange of certificates and keys would be difficult.

USING CERTIFICATES
- Digital certificates are documents that verifiably associate a public key with a particular person or organization.
- Certificates are obtained from an administrative entity called a certificate authority (CA).
- The CA issues a public key and a private key as a matched pair. The private key is stored on the user's computer, and the public key is issued as part of a certificate.

USING INTERNAL AND EXTERNAL CERTIFICATE AUTHORITIES
- For a certificate to be useful, it must be issued by an authority that both parties trust to verify each other's identity.
- Within an organization, you can use Windows Server 2003 Certificate Services, a service that enables the computer to function as a CA.
- When communicating with external entities, a trusted third-party certificate issuer can be used.

UNDERSTANDING PUBLIC KEY INFRASTRUCTURE FUNCTIONS
- With a PKI in place, you can:
  - Publish certificates
  - Enroll clients
  - Use certificates
  - Renew certificates
  - Revoke certificates

DESIGNING A PUBLIC KEY INFRASTRUCTURE
- Planning a PKI typically consists of the following basic steps:
  - Defining certificate requirements
  - Creating a CA infrastructure
  - Configuring certificates

DEFINING CERTIFICATE REQUIREMENTS
- When designing a PKI, you must determine:
  - What your client's security needs are
  - How certificates can help fulfill those needs
  - Which users, computers, services, and applications will use certificates
  - What kinds of certificates your clients need

CREATING A CERTIFICATE AUTHORITY INFRASTRUCTURE

USING INTERNAL OR EXTERNAL CAS

Internal CA
  Advantages:
  - Direct control over certificates
  - No per-certificate fees
  - Can be integrated into Active Directory
  - Allows configuring and expanding the PKI for minimal cost
  Disadvantages:
  - Increased certificate management overhead
  - Longer, more complex deployment
  - Organization must accept liability for PKI failures
  - Limited trust by external customers

External CA
  Advantages:
  - Instills customers with greater confidence in the organization
  - Provider liable for PKI failures
  - Expertise needed in the technical and legal ramifications of certificate use
  - Reduced management overhead
  Disadvantages:
  - High cost per certificate
  - No auto-enrollment possible
  - Less flexibility in configuring and managing certificates
  - Limited integration with the organization's infrastructure

HOW MANY CERTIFICATE AUTHORITIES?
- A single CA running on Windows Server 2003 can support as many as 35 million certificates and can issue 2 million or more a day, depending on the system specifications.
- System performance is a factor in determining how many CAs should be implemented. Issuing certificates can be disk and processor intensive.
- Multiple CAs can be implemented for fault tolerance or load-distribution reasons.

CREATING A CERTIFICATE AUTHORITY HIERARCHY

UNDERSTANDING WINDOWS SERVER 2003 CERTIFICATE AUTHORITY TYPES
- Enterprise CAs:
  - Are integrated into Active Directory
  - Can be used only by Active Directory clients
- Stand-alone CAs:
  - Do not automatically respond to certificate enrollment requests
  - Are intended for users outside the enterprise who submit requests for certificates

CONFIGURING CERTIFICATES
- Criteria to consider when configuring certificates include the following:
  - Certificate type
  - Encryption key length and algorithm
  - Certificate lifetime
  - Renewal policies

MANAGING CERTIFICATES
- Certificate enrollment and renewal
- Manually requesting certificates
- Revoking certificates

UNDERSTANDING CERTIFICATE ENROLLMENT AND RENEWAL
- Autoenrollment: The CA determines whether a certificate request is valid and issues or denies a certificate accordingly. Autoenrollment occurs only on enterprise CAs in an Active Directory environment.
- Manual enrollment: An administrator monitors the CA for incoming requests and determines whether a certificate should be issued on a request-by-request basis. Manual enrollment is used by stand-alone CAs.

USING AUTOENROLLMENT

USING MANUAL ENROLLMENT
- When using stand-alone CAs, the administrator must grant or deny requests for certificates through the Certification Authority console.
- Incoming certificate enrollment requests appear in the Pending Requests folder.
- The administrator must check the folder on a regular basis.

MANUALLY REQUESTING CERTIFICATES
- Manual enrollment can be performed in two ways:
  - Using the Certificates snap-in
  - Using Web enrollment

USING THE CERTIFICATES SNAP-IN

USING WEB ENROLLMENT

REVOKING CERTIFICATES
- Several conditions can prompt an administrator to revoke a certificate:
  - If a private key is compromised
  - If it is suspected or proved that an unauthorized user has gained access to the CA
  - If the administrator wants to issue a certificate using different parameters (such as longer keys)
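The following added example (not part of the original slides or of Windows Certificate Services) walks through the whole chain the "Digitally Signing Data", "Verifying Data", "Using Certificates" and "Revoking Certificates" slides describe: a CA signs a certificate that binds a public key to a subject, a relying party checks the CA signature, lifetime and a CRL before trusting the key, and then uses that key to verify a hash-based signature on data. It assumes textbook RSA over fixed Mersenne primes (constructed, insecure, chosen only so the code runs without a crypto library) and a constructed CA named "Contoso Enterprise CA".

```python
import hashlib

# Toy textbook RSA built from well-known Mersenne primes so the example runs
# offline without a crypto library. Constructed for demonstration only: the
# primes are public, so these keys offer no security whatsoever.
E = 65537
CA_PRIMES = (2**521 - 1, 2**127 - 1)
USER_PRIMES = (2**607 - 1, 2**107 - 1)

def make_keypair(p, q):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def digest_int(data: bytes) -> int:
    """Hash value that protects the data against undetected modification."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private_key, data: bytes) -> int:
    """Digitally sign: transform the hash of the data with the private key."""
    n, d = private_key
    return pow(digest_int(data), d, n)

def verify(public_key, data: bytes, signature: int) -> bool:
    """Only the matching public key undoes the transformation, and the result
    matches only if the received data still hashes to the signed value."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(data)

def cert_bytes(cert: dict) -> bytes:
    """Canonical encoding of the fields the CA signs (stand-in for the X.509 TBSCertificate)."""
    n, e = cert["public_key"]
    fields = [cert["issuer"], cert["subject"], cert["serial"], n, e,
              cert["not_before"], cert["not_after"]]
    return "|".join(str(f) for f in fields).encode()

def issue_certificate(ca_name, ca_private, subject, subject_public, serial, not_before, lifetime):
    """The CA binds the subject's public key to its name and signs the result."""
    cert = {"issuer": ca_name, "subject": subject, "serial": serial,
            "public_key": subject_public, "not_before": not_before,
            "not_after": not_before + lifetime}
    cert["signature"] = sign(ca_private, cert_bytes(cert))
    return cert

def validate_certificate(cert, trusted_cas, crl, now):
    """Return (ok, reason). Checks: trusted issuer, CA signature, lifetime, revocation."""
    ca_public = trusted_cas.get(cert["issuer"])
    if ca_public is None:
        return False, "issuer not trusted"
    if not verify(ca_public, cert_bytes(cert), cert["signature"]):
        return False, "CA signature invalid"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return False, "outside validity period"
    if crl["issuer"] != cert["issuer"] or now > crl["next_update"]:
        return False, "no current CRL for issuer"   # fail closed rather than skip the check
    if cert["serial"] in crl["revoked_serials"]:
        return False, "certificate revoked"
    return True, "ok"

def demo(now=1_000_000):
    """Issuance, use, tampering, forgery, revocation and a stale CRL; results keyed by name."""
    ca_public, ca_private = make_keypair(*CA_PRIMES)
    alice_public, alice_private = make_keypair(*USER_PRIMES)
    trusted = {"Contoso Enterprise CA": ca_public}       # constructed CA name
    cert = issue_certificate("Contoso Enterprise CA", ca_private, "alice@contoso.example",
                             alice_public, serial=1001, not_before=now - 10, lifetime=365 * 86400)
    crl = {"issuer": "Contoso Enterprise CA", "revoked_serials": set(),
           "next_update": now + 7 * 86400}
    results = {"valid": validate_certificate(cert, trusted, crl, now)}
    msg = b"approve purchase order 4711"
    sig = sign(alice_private, msg)
    results["message_ok"] = verify(cert["public_key"], msg, sig)       # key taken from the certificate
    results["tampered"] = verify(cert["public_key"], b"approve purchase order 4712", sig)
    results["wrong_key"] = verify(ca_public, msg, sig)                 # someone else's key
    forged = dict(cert, public_key=ca_public)                          # public key swapped in
    results["forged"] = validate_certificate(forged, trusted, crl, now)
    crl["revoked_serials"].add(1001)          # private key compromised: administrator revokes
    results["revoked"] = validate_certificate(cert, trusted, crl, now)
    crl["next_update"] = now - 1              # CRL past its next update: refuse to decide
    results["stale_crl"] = validate_certificate(cert, trusted, crl, now)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>12}: {outcome}")
```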

SECURING AND TROUBLESHOOTING AUTHENTICATION
- User name and password combinations remain the predominant method of authentication.
- The relatively insecure nature of user names and passwords requires that policies be in place to regulate and monitor their use.
- System and network administrators often spend a large amount of time dealing with authentication-related issues and tasks.

SECURING AUTHENTICATION WITH POLICY
- Active Directory in Windows Server 2003 supports security policies to strengthen passwords and their use.
- Policies should be sufficiently daunting to attackers while being sufficiently convenient for users.
- Only the Default Domain Policy influences domain account policy.

PASSWORD POLICY
- Password policy:
  - Prevents reuse of the same password
  - Defines how often users must or can change their password
  - Defines the minimum number of characters in a password
  - Defines what constitutes a strong password
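As an added illustration of the four controls on the Password Policy slide (example code written for this page, not Active Directory's implementation), the checker below enforces history, minimum and maximum age, minimum length and a complexity rule that approximates the Windows one (three of four character classes, no three-character piece of the account or full name). The policy values, the account "asmith" and the SHA-256 stand-in for the stored credential are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List

@dataclass
class PasswordPolicy:
    """The Password Policy settings the slide describes (constructed example values)."""
    history_length: int = 24          # previous passwords a user may not reuse
    min_age_days: int = 1             # how soon a user may change the password again
    max_age_days: int = 42            # how often the user must change it
    min_length: int = 8               # minimum number of characters
    require_complexity: bool = True   # what constitutes a strong password

@dataclass
class Account:
    username: str
    full_name: str
    history: List[str] = field(default_factory=list)   # digests of earlier passwords, newest last
    last_set_day: int = 0

def digest(password: str) -> str:
    # Constructed: SHA-256 stands in for the credential form the directory actually stores.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def is_complex(password: str, account: Account) -> bool:
    """Approximates the Windows rule: at least three of four character classes, and no
    three-or-more-character piece of the account name or full name inside the password."""
    classes = (any(c.isupper() for c in password), any(c.islower() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password))
    if sum(classes) < 3:
        return False
    lowered = password.lower()
    pieces = [account.username] + account.full_name.replace(",", " ").split()
    return not any(len(p) >= 3 and p.lower() in lowered for p in pieces)

def check_new_password(account, password, policy, today) -> List[str]:
    """Return the policy violations for a proposed change (empty list = allowed)."""
    violations = []
    if account.history and today - account.last_set_day < policy.min_age_days:
        violations.append("minimum password age not reached")
    if len(password) < policy.min_length:
        violations.append(f"shorter than {policy.min_length} characters")
    if policy.require_complexity and not is_complex(password, account):
        violations.append("does not meet complexity requirements")
    recent = account.history[-policy.history_length:] if policy.history_length else []
    if digest(password) in recent:
        violations.append("password was used recently")
    return violations

def change_password(account, password, policy, today) -> List[str]:
    """Apply the change only when no violation is found; returns the violations."""
    violations = check_new_password(account, password, policy, today)
    if not violations:
        account.history.append(digest(password))
        account.last_set_day = today
    return violations

def must_change(account, policy, today) -> bool:
    """Maximum password age: once it has elapsed the user must pick a new password."""
    return today - account.last_set_day >= policy.max_age_days

def demo() -> dict:
    """Try a sequence of changes against the policy; results keyed by scenario."""
    policy = PasswordPolicy()
    alice = Account("asmith", "Alice Smith")          # constructed account
    out = {}
    out["short"] = change_password(alice, "Ab1!xyz", policy, today=0)
    out["name"] = change_password(alice, "Smith2004!", policy, today=0)
    out["weak"] = change_password(alice, "lowercaseonly", policy, today=0)
    out["first"] = change_password(alice, "Tr0ub4dor&3", policy, today=0)
    out["too_soon"] = change_password(alice, "Correct-Horse-9", policy, today=0)
    out["reuse"] = change_password(alice, "Tr0ub4dor&3", policy, today=5)
    out["second"] = change_password(alice, "Correct-Horse-9", policy, today=5)
    out["expired"] = must_change(alice, policy, today=5 + policy.max_age_days)
    return out

if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario:>9}: {result}")
```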

ACCOUNT LOCKOUT POLICY
- Account Lockout Policy:
  - Defines how many invalid logon attempts are allowed before the account is locked out
  - Determines the period of time that must pass after a lockout before Active Directory will automatically unlock a user's account
  - Specifies the time that must pass after an invalid logon attempt before the counter of invalid logon attempts resets to zero
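To make the interaction of the three settings concrete, here is an added simulation of the lockout counter (example code for this page, not Active Directory's logon code). It assumes a constructed policy of 5 attempts, a 30-minute lockout duration and a 30-minute reset window, a constructed account "jsmith", and a plaintext stand-in for the stored credential; time is in minutes.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class LockoutPolicy:
    """The three Account Lockout Policy settings (constructed example values)."""
    threshold: int = 5          # invalid attempts allowed before lockout; 0 disables lockout
    duration_min: int = 30      # minutes until Active Directory unlocks automatically; 0 = never
    reset_after_min: int = 30   # minutes after an invalid attempt before the counter resets

@dataclass
class AccountState:
    password: str               # constructed plaintext stand-in for the stored credential
    bad_count: int = 0
    last_bad_at: Optional[int] = None   # minute of the most recent invalid attempt
    locked_at: Optional[int] = None     # minute the lockout began, if locked

class Authenticator:
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts: Dict[str, AccountState] = {}
        self.audit: List[Tuple[int, str, str, str]] = []   # (minute, type, account, detail)

    def add_account(self, name: str, password: str) -> None:
        self.accounts[name] = AccountState(password)

    def _is_locked(self, state: AccountState, now: int) -> bool:
        if state.locked_at is None:
            return False
        if self.policy.duration_min and now - state.locked_at >= self.policy.duration_min:
            state.locked_at, state.bad_count = None, 0     # automatic unlock after the duration
            return False
        return True

    def unlock(self, name: str) -> None:
        """Administrator unlocks the account (the only way out when duration is 0)."""
        self.accounts[name].locked_at, self.accounts[name].bad_count = None, 0

    def logon(self, name: str, password: str, now: int) -> str:
        """Return 'ok', 'denied' or 'locked'; records an audit event either way."""
        state = self.accounts[name]
        if self._is_locked(state, now):
            self.audit.append((now, "Failure Audit", name, "account locked out"))
            return "locked"          # even the right password is refused while locked
        if state.last_bad_at is not None and now - state.last_bad_at >= self.policy.reset_after_min:
            state.bad_count = 0      # reset window elapsed without reaching the threshold
        if password != state.password:
            state.bad_count += 1
            state.last_bad_at = now
            self.audit.append((now, "Failure Audit", name, "bad password"))
            if self.policy.threshold and state.bad_count >= self.policy.threshold:
                state.locked_at = now
                self.audit.append((now, "Success Audit", name, "account locked out"))
                return "locked"
            return "denied"
        state.bad_count, state.last_bad_at = 0, None   # a good logon clears the counter
        self.audit.append((now, "Success Audit", name, "logon"))
        return "ok"

def demo() -> dict:
    """Two bursts of bad passwords separated by a pause longer than the reset window."""
    auth = Authenticator(LockoutPolicy(threshold=5, duration_min=30, reset_after_min=30))
    auth.add_account("jsmith", "Correct-Horse-9")     # constructed account
    r = {}
    r["burst1"] = [auth.logon("jsmith", "wrong", t) for t in range(4)]   # minutes 0..3
    r["after_reset"] = auth.logon("jsmith", "wrong", 40)   # counter reset: this is attempt 1 again
    r["burst2"] = [auth.logon("jsmith", "wrong", 41 + i) for i in range(4)]  # 2..5 -> locked
    r["right_password_while_locked"] = auth.logon("jsmith", "Correct-Horse-9", 46)
    r["auto_unlock"] = auth.logon("jsmith", "Correct-Horse-9", 75)      # 31 min after lockout
    r["lockouts"] = sum(1 for e in auth.audit if e[1:4] == ("Success Audit", "jsmith", "account locked out"))
    return r

if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario:>28}: {result}")
```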

CROSS-PLATFORM ISSUES
- In environments with computers running Microsoft Windows 95, Windows 98, Windows Millennium Edition, or Windows NT 4.0, administrators must be aware of several issues:
  - Windows 95, Windows 98, and Windows Millennium Edition support only 14-character passwords.
  - Systems that run Windows 95, Windows 98, Windows Millennium Edition, and Windows NT 4.0 require Active Directory client software to access the full functionality of directory services.
  - Certain features are not provided by the Active Directory client in Windows 95, Windows 98, and Windows NT 4.0.

AUDITING AUTHENTICATION
- Auditing of authentication can alert you to unauthorized attempts to access the system.
- In low-security environments, auditing only failed logon attempts should be sufficient.
- In high-security environments, recording successful logon attempts as well can provide records of who accessed the system and when.

AUDIT POLICIES
- Audit policies allow you to record the following:
  - Successful and failed logon attempts to Active Directory
  - Account management tasks, including the creation and deletion of user accounts
  - Successful and failed logon attempts to the local system

SECURITY EVENT LOG
- Audit events are recorded in the Security log of Event Viewer on the system where the audit event took place.
- Account Logon events must be monitored on each domain controller.
- If enabled, Logon events must be monitored on the system on which the Logon event occurred.
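The "Auditing Authentication" and "Security Event Log" slides together imply that logon audits have to be collected from every domain controller and correlated per account; the added example below (written for this page, not a Microsoft tool) does that over a constructed tab-separated export of Security-log entries from two domain controllers and one member server. The computer names, accounts, addresses, timestamps and the 3-failures-in-5-minutes threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed export of Security-log audit entries from two domain controllers
# (Account Logon events) and one member server (Logon/Logoff event).
# Columns: time, event type, category, computer, account, client address.
SECURITY_LOG = """\
2004-03-15 08:01:12\tFailure Audit\tAccount Logon\tDC01\tjsmith\t10.0.0.15
2004-03-15 08:01:20\tFailure Audit\tAccount Logon\tDC02\tjsmith\t10.0.0.15
2004-03-15 08:01:31\tFailure Audit\tAccount Logon\tDC01\tjsmith\t10.0.0.15
2004-03-15 08:01:44\tFailure Audit\tAccount Logon\tDC02\tjsmith\t10.0.0.15
2004-03-15 08:02:05\tSuccess Audit\tAccount Logon\tDC01\tjsmith\t10.0.0.15
2004-03-15 08:30:00\tFailure Audit\tAccount Logon\tDC01\tmjones\t10.0.0.22
2004-03-15 09:15:00\tSuccess Audit\tAccount Logon\tDC01\tmjones\t10.0.0.22
2004-03-15 17:45:10\tFailure Audit\tLogon/Logoff\tFS01\tadmin\t10.0.0.99
2004-03-15 17:45:12\tFailure Audit\tLogon/Logoff\tFS01\tadmin\t10.0.0.99
2004-03-15 17:45:15\tFailure Audit\tLogon/Logoff\tFS01\tadmin\t10.0.0.99
"""

def parse_log(text: str) -> list:
    """Turn the export into event dicts; one line per audit event."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, etype, category, computer, account, source = line.split("\t")
        events.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "type": etype,
                       "category": category, "computer": computer,
                       "account": account, "source": source})
    return events

def detect(events: list, threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> list:
    """Correlate logon audits per account across every computer that recorded them.
    Only failures inside the window count, so a single DC never sees the whole picture
    but the merged view does."""
    alerts = []
    recent = defaultdict(list)      # account -> [(time, computer)] of failures inside the window
    for ev in sorted(events, key=lambda e: e["time"]):
        acct = ev["account"]
        fails = [(t, c) for t, c in recent[acct] if ev["time"] - t <= window]
        if ev["type"] == "Failure Audit":
            fails.append((ev["time"], ev["computer"]))
            if len(fails) == threshold:          # fire once, when the threshold is reached
                alerts.append({"time": ev["time"], "kind": "repeated failed logons",
                               "account": acct, "source": ev["source"],
                               "computers": sorted({c for _, c in fails})})
        elif ev["type"] == "Success Audit":
            if len(fails) >= threshold:          # a guess that finally worked: highest priority
                alerts.append({"time": ev["time"], "kind": "success after repeated failures",
                               "account": acct, "source": ev["source"],
                               "computers": sorted({c for _, c in fails} | {ev["computer"]})})
            fails = []                           # a good logon ends the failure run
        recent[acct] = fails
    return alerts

def run() -> list:
    return detect(parse_log(SECURITY_LOG))

if __name__ == "__main__":
    for a in run():
        print(a["time"], a["kind"], a["account"], "from", a["source"], "on", ",".join(a["computers"]))
```

mjones produces no alert because the lone failure falls outside the window of the later success, while the jsmith failures only reach the threshold once DC01 and DC02 are read together.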

ADMINISTERING AND TROUBLESHOOTING AUTHENTICATION
- Common administrative tasks include the following:
  - Unlocking a user account
  - Resetting user passwords
  - Disabling, enabling, renaming, and deleting user objects

SUMMARY
- A PKI is a collection of software components and operational policies that govern the distribution and use of public and private keys.
- Certificates are issued by a CA.
- The first step in planning a PKI is to study the security enhancements certificates provide and determine which security requirements you can satisfy with them.
- When running multiple CAs in an enterprise, you configure them in a hierarchy.
- Certificates can be configured to match the requirements of the organization.
- Only enterprise CAs can use autoenrollment.

SUMMARY (CONTINUED)
- For a client to receive certificates using autoenrollment, it must have permission to use the certificate template for the type of certificate it is requesting.
- Stand-alone CAs do not use certificate templates or autoenrollment. Certificate requests are stored in a queue on the CA until an administrator approves or denies them.
- CAs publish CRLs at regular intervals to inform authenticating computers of certificates they should no longer honor.
- The Default Domain Policy drives account policies, including the Password Policy and Account Lockout Policy.
- The Default Domain Controllers Policy specifies key auditing policies for domain controllers.
- Auditing for authentication generates events in each domain controller's Security log.