Regarding the Microsoft Security Update Supersedence and CPE Correspondence Issues
Recently, I obtained the Microsoft security update and CVE corresponding data through the MSRC API, and encountered the following problems: The monthly Microsoft update JSON file contains each CVE and remediation patch KBID, and the supersedence KBID. Is…
Windows Forwarding Event Requirements
Hello, I am currently in an internship and I am studying CyberArk's PTA. For the lab I would use to illustrate the functionalities of the product, I need to use a Windows Forwarding Event Server. But the problem is that I don't really know what are…
Microsoft Trusted Root Program, Certificate Authority Intake Application Not Available.
The link (https://aka.ms/rootcertapply) which is mentioned in the article "Microsoft Trusted Root Program Certificate Authority Intake Process" is not working. How can I find this application to initiate the Certificate Authority Intake Process? …
Active Directory - Delegation - FSMO role transfer
Hello, I was wondering if it was "supported" by Microsoft to delegate the permission to transfer FSMO roles using ADSI permission. By design, only Domain Admins (or other) are able to transfer FSMO roles between domain controllers.…
Microsoft Trusted Root Program, Certificate Authority Intake Application Not Available.
We wanted to apply for the Microsoft root certificate program. In order to initiate the process, as described in official Microsoft documentation, we have to fill out an application and email the completed form to [msroot@microsoft.com]. But the provided link…
Certificate Enrollment Web Service (CES) and Certificate Enrollment Policy Web Service (CEP)
In Microsoft PKI, while configuring the CEP and CES we are able to choose only one option for authentication. The options available are 1) Computer Integrated Authentication (Kerberos) 2) Client Certificate Authentication 3) Username and Password. How is…
Renewing Issuing CA cert but Policy CA is not around
Experts, please excuse my naive-ness, not a PKI guru + I inherited this environment recently. Our developers started to complain that when they request a new cert the expiration shows 3/11/2022 no matter WHAT date is current. Turns out that the…
What is the best practice process (steps) for implementing Windows Server 2016 hardening
Hi, What is the best practice process (steps) for implementing Windows Server 2016 hardening using SCT (Security Compliance Toolkit)? How do we verify if SCT is implemented properly and it works? Is there a tool that we can use to check? In case…
Certificate information
Hello, I read https://support.cloudways.com/difference-between-single-multiple-wildcard-ssl/ but I don't see much difference between the two types of certificate as all the ones we used seem to be issued individually for each server... Which type…
How to list SSL certificates installed on Windows Server
I have to list all the SSL certificates installed across the entire forest (more than 600 servers, from 2003 to 2019). I only know how to view this information manually with the certlm command. I need the fields: certificate name, server name, date…
Audit LDAPS connections
Hello, I have more and more Active Directory migrations to do and a lot of customers do not know if they have applications with LDAPS or not. Is there a way to find all communications done with the LDAPS protocol like it exists for LDAP? Network listener on…
About the validity period of the certificate issued by ADCS of Windows Server 2019
I have a server running ADCS. It is in the domain. Its root certificate is valid for 10 years, but the certificate issued by the certificate template is only for a short period of time. I now hope to extend the validity period of the certificate issued…
Vulnerability CVE-2008-1446
We are running Windows Server 2008 Standard Edition with SP2. Our security team has run a PCI Pen test on our web server and it came up with the report mentioned below. Our sites are hosted on IIS 7.0. We have tried installing security patch KB953155…
AD CS: Deploying Cross-forest Certificate Enrollment
I’m having trouble with AD CS: Deploying Cross-forest Certificate Enrollment. I’ve followed the article’s for 2012 r2. Things just don’t seem to work. Right now I can see certificates assigned to a user. I am getting an error about the certificate…
PolicyCA Certificate Chain
If the PolicyCA certificate is renewed successfully and the subordinate CA certificate is still not yet renewed, will the issued certificate from IssCA chain up to the new PolicyCA, or will that server/client certificate show the old Policy in chain? Until…
Removing Certificate Server
Hi, I am trying to promote a customer's stand-alone server from a workgroup to a new domain's domain controller but I found out that someone has already installed the Certificate Server on the server. Now I can't promote the server to a domain…
Strange/unexpected behavior with NTFS, AD groups, and Kerberos Tokens while on VPN.
I have a question I need help to understand. I've been in IT for 20+ years. It has always been my understanding that when adding a user to a new Active Directory group, that group membership is not picked up until the user logs off the machine and logs…
WServer 2012 R2 and Exchange 2013 - Schannel error 36888 Error 70 State 105 after setting .NET 4.x reg key "SystemDefaultTlsVersions" to 1
I have a fresh install of Exchange 2013 deployed in coexistence with Exchange 2010. The first is on a Windows Server 2012 R2, the second is on a Windows Server 2008 R2. I do not have any issues at the moment on my Exchange servers, nor from client…
Can I issue certs from an Enterprise CA for a different domain name?
We have an Active Directory domain named after one of two companies that merged to form our current company. Let's call it oldcompany1.com. This is the AD domain we kept post merger. We did register a public Internet domain with the new company…
TaskFolder.RegisterTaskDefinition and TASK_LOGON_S4U
Hi. We're using TaskFolder.RegisterTaskDefinition in a PowerShell script in this manner: $tasksFolder.RegisterTaskDefinition( $taskName, $taskDefinition, 6, $logonName, $password, 2, $null ) | Out-Null The '2' there denotes a field…