LDAP/S

Guest
Archived from groups: microsoft.public.win2000.security

I haven't run a CA before and want to know if there will be any side-effects
to setting one up to support LDAP/S. I have a Win2k3 domain.

One of our Linux guys wrote a password changing routine to update users'
Windows accounts which runs from a Linux box. Of course, this routine could
have been easily written on the Windows side and made available but ...

Anyway, he now wants a CA installed in the domain to support LDAP/S which is
needed to make the password update. Is this something I can do quickly
without impacting either the domain as it exists now or our ability to
implement a proper PKI structure later?

I'm not looking for someone to explain how to do it; I'm sure I can find info
on that. All I need to know is IF I pull out a how-to article on
installing a CA and do it with minimal understanding, will I regret it
later?

thanks,
bob
 
Guest

A Certificate Authority can be very useful in the domain. If possible
install it on an Enterprise version of Windows 2003 Server so that you can
install an Enterprise Certificate Authority that will be able to take
advantage of version 2 templates and autoenrollment for XP Pro computers and
users. Keep in mind that you want your root CA to be physically secure to
minimize possibility of compromise of your PKI. You also want to make sure
that for now only certificates you want issued are issued. You can do such
by modifying the permissions on the certificate templates. A user/computer
needs enroll permission to obtain a certificate.

--- Steve

http://www.microsoft.com/technet/security/prodtech/windows2000/secmod154.mspx

 
Guest

Got on a tangent and forgot I posted the question.

Thanks!
bob