Windows 2008 PKI combat 3: Certificate Services


(continued) The delegated enrollment agent feature lets you define precisely what an enrollment agent can and cannot do. For example, it allows you to delegate temporary smart card enrollment to someone such as a receptionist, covering the case where a user has left his or her smart card at home.

The next new feature is the Network Device Enrollment Service (NDES), which implements SCEP and is integrated into the operating system installation. It is a simple feature that allows network devices to enroll for certificates through a standard Windows installation.

Manageability is an important area that has been greatly improved. For example, performance counters have been added to Certificate Services, allowing PKI administrators to monitor the performance of CAs across the organization more easily.

Certificate Services Manageability Demo

Windows Reliability and Performance Monitor is an MMC snap-in that provides tools for analyzing system performance. It offers a way to monitor and record the performance of many aspects of Windows Server 2008.

The default view shows current processor usage, which is not needed for this demo. To add a performance counter, click the Add Counter button on the toolbar. The list of available counters shows every counter in the operating system; in this demo we are concerned with Certificate Services.

Expanding the Certification Authority object shows the list of available counters. These counters help us understand which configuration options are best for a particular environment. We will add Request processing time as our CA counter, as shown in Figure 24.


We can also monitor our OCSP configuration, so we will monitor the request processing time for the Online Responder service as well, as shown in Figure 25.



The selected counters are now displayed in the Details column. For a small data set such as this, it is easier to view the results offline as a report, as shown in Figure 26. For a large amount of data, the graph view is better.



Because we are monitoring only a single request, there is not much data yet. The report shows the total request processing time for the CA, as well as for the OCSP server.

We will now request another certificate and then check the results. This certificate will be a duplicate of the one created earlier.

Back in Reliability and Performance Monitor, the CA Request processing time counter now has a value, as shown in Figure 27.
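The same counters can be collected from PowerShell rather than the Reliability and Performance Monitor GUI. The script below is an added example, not part of the original article: it assumes the Get-Counter cmdlet (Windows PowerShell 2.0 or later), a hypothetical CA host name, and the "Certification Authority" counter set with the Request processing time counter used in the demo; the extra counter names are assumptions, so verify them with Get-Counter -ListSet on your own CA.

```powershell
# Added example: sample Certificate Services performance counters from PowerShell
# and summarize them the way the Report view in Figure 26 does.
param(
    [string]$CaServer    = 'CA01',   # hypothetical CA host name (assumption)
    [int]$Samples        = 10,
    [int]$IntervalSec    = 5,
    [int]$ThresholdMs    = 500       # hypothetical alerting threshold (assumption)
)

# Discover the counter paths the CA actually exposes before hard-coding names.
$caSet  = Get-Counter -ListSet 'Certification Authority' -ComputerName $CaServer -ErrorAction Stop
$wanted = $caSet.Paths | Where-Object {
    $_ -match 'Request processing time|Requests/sec|Failed requests/sec'
}
if (-not $wanted) { throw "No matching Certificate Services counters found on $CaServer" }

# Collect a short series of samples, like the Details view in the demo.
$data = Get-Counter -ComputerName $CaServer -Counter $wanted `
                    -SampleInterval $IntervalSec -MaxSamples $Samples

# One row per counter with min/avg/max, which is what the Report view shows.
$summary = $data.CounterSamples |
    Group-Object Path |
    ForEach-Object {
        $vals  = $_.Group | Select-Object -ExpandProperty CookedValue
        $stats = $vals | Measure-Object -Minimum -Average -Maximum
        [pscustomobject]@{
            Counter = ($_.Name -split '\\')[-1]
            Min     = [math]::Round($stats.Minimum, 2)
            Avg     = [math]::Round($stats.Average, 2)
            Max     = [math]::Round($stats.Maximum, 2)
        }
    }
$summary | Format-Table -AutoSize

# Flag slow request processing; a sustained rise is worth correlating with
# policy module latency, CA database growth, or a burst of failed requests.
$summary |
    Where-Object { $_.Counter -like 'Request processing time*' -and $_.Max -gt $ThresholdMs } |
    ForEach-Object {
        Write-Warning ("{0} peaked at {1} ms (threshold {2} ms)" -f $_.Counter, $_.Max, $ThresholdMs)
    }
```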




The delegated enrollment agent feature in Windows Server 2008 allows more precise configuration of delegation than ever before. A restricted enrollment agent is scoped by enrollment agent, certificate template, and user. Earlier versions allowed PKI enrollment agents to enroll for any type of certificate on behalf of anyone in the forest.

We will focus on the features available when configuring a delegated enrollment agent. When we enable the restriction we see a warning confirming that this feature works only on Windows Server 2008 CAs, as shown in Figure 28.





The Enrollment Agents section lets you restrict which enrollment agents in the domain may act; agents can be added or removed in the Enrollment Agents column. When you restrict enrollment agents, a warning message states that restrictions on delegated enrollment agents can only be enforced on CAs running Windows Server 2008 or later. Before designing a delegated enrollment agent, verify that your enrollment agent policy is appropriate for your PKI environment.

The Certificate Templates section lets you restrict which enrollment templates the agent may use on the CA. The Permissions section restricts on whose behalf the specified agent may enroll.



Copyright © Windows knowledge All Rights Reserved