(continued) In the past, auto-enrollment was part of the WINLogoN process in Windows, exposing it to more attacks. In fact, all Windows NT services have been redesigned as a WMI task. This means that Windows Vista and Windows Server 2008 components will not have as many exploits as Windows Server 2003 and Windows XP.
The advance notification feature before the certificate expires is also added. In other words, it is to notify the user when a certificate is about to terminate or has terminated. The related scenario is that when auto-enrollment is not enabled, the computer cannot automatically update or register a certificate on behalf of the user.
Credential Roaming
As mentioned earlier, credential roaming has been introduced in Windows Server 2003 SP1 and is now an integral part of Windows Server 2008.
The purpose of credential roaming is to reduce the copying of credentials for different computers, which copies the encryption key to the user's computer through Active Directory.
When a user logs in to the computer, authentication information is sent to the server where the public and private keys are exchanged. Typically, the user's credentials will be transferred between workstations by using a roaming profile, which causes an increase in load.
By credential roaming, the user's public and private keys will follow the user's Active Directory object regardless of which computer they use. For active or roaming users, this improves email protection, user authentication, and the ability to deploy smart cards.
Demonstration of registration and credential roaming
In Windows Server 2008, the registered user interface has been improved a lot. At the same time, usability, flexibility and support are enhanced. For the sake of simplicity, we will register a new certificate from the same computer, our CA server. Normally, we can register from any computer or server in the domain. We open the certificate MMC. The personal folder located under our current certificate user tree will display all current certificates for that user. As shown in Figure 14.
In this demonstration, we will request a new user certificate. We can do it through the Action menu. The Registered User Interface gives us a lot of new options compared to the previous version. We will only configure the server to accept some different types of authentication, but we can see these available options even if they are not being used. As shown in Figure 15.
we can assign the certificate directly to a computer. This is not a default option because the credentials are roaming. As shown in Figure 16.
User Option Details view can be expanded and before the certificate is created. The Certificate Properties window will give us further personalization of the certificate before it is submitted.
We can assign a test name to the certificate if we need to identify it later. As shown in Figure 17. The Subject column gives us the opportunity to assign a specific attribute to the user's certificate. The holder of the private key associated with the certificate is called the subject. It can be a user, a program, or any object or service that is virtual. Because depending on who or what topic it is, there is some flexibility in providing the subject name when requesting a certificate. Windows either automatically generates the topic name or manually requests it from the topic. If it automatically provides the subject name, Windows gets this information from Active Directory. The name may be any object from the email name to the specified organizational unit. As shown in Figure 18.
Extensions column by a certificate to use a special type of extension. Each of these options can be edited. Key Usage allows us to make minor modifications to this configuration. As shown in Figure 19.
Basic Constraints details can be modified. As shown in Figure 20.
Private Key column shows the configuration options we certificate authority. The options in these entries can also be customized based on the features you want. As shown in Figure 21.
certificate authority bar simply confirm it first from which CA Find key requirements. As shown in Figure 22.
Finally, we were able to register the certificate, as shown in Fig. It will be saved on the local computer. These certificates can be viewed through the certificate MMC.
for the deployment of PKI infrastructure, the Certificate Services in manageability and ease of use have been enhanced.
The quickest way to access recently used folders is to use the Start → Documents menu. If you have t
In Windows 2000 Server, there are some auxiliary tools that may be used by special users. For exampl
In order to improve the management efficiency of the server system, network administrators often use
Windows Server 2008 RC0 version has been officially released for public testing. This version includ
Win2000 terminal implementation on diskless win9X
Windows2000 comprehensive optimization (2)
Win2000 system security countermeasures
Let Windows 2000 services run better
Win 2003 Terminal Server in LAN
How to migrate Windows 2003 to Windows 2008
98 and 2000 dual system problems
Win 2000 common system process list
Easily set up Win2003 WEB server
Teach you to apply for Windows Server 2008 serial number
Leading at the starting point - Win 2000 operating system startup optimization
FIFA 14 runs the flashback solution on Win8.1.
How to disable the "Program Compatibility Assistant"
About GHOST prompts can not find GHOSTERR.TXT solution
Win7 press the keyboard U button to pop up easy access how to solve?
How to make Windows 2003 more secure
How to thoroughly optimize the computer's full Raiders skills
The specific steps of the hard disk installation windows xp system
Win8 Touch Gesture Demonstration Guide Daquan: The World At Your Fingertips
The latest Win XP application skills five
Countermeasure for folder suspended animation under Win8/8.1 system