| Author |
Message |
Griff
Guest
|
 Posted:
Mon Feb 14, 2005 10:17 pm Post subject:
2003 Standard CA Stand Alone Vs. Enterprise |
|
|
My company wants to secure VPN traffic and executive emails using
certificates. With the limitations of 2003 standard, can I do this? If so
should I install the CA as an Enterprise or stand alone? Thanks |
|
| Back to top |
|
 |
Mark Gamache
Guest
|
| Posted:
Tue Feb 15, 2005 1:54 am Post subject:
Re: 2003 Standard CA Stand Alone Vs. Enterprise |
|
|
In general, you want the Enterprise CA. It directly interfaces with AD
which makes management much easier. There might be specific design
considerations in your environment that may change that, but it is unlikely.
--
Mark Gamache
Certified Security Solutions
http://www.css-security.com
"Griff" <Griff@discussions.microsoft.com> wrote in message
news:ADD7F834-9C85-46E9-9B03-AE81656A9D3E@microsoft.com...
| Quote: | My company wants to secure VPN traffic and executive emails using
certificates. With the limitations of 2003 standard, can I do this? If so
should I install the CA as an Enterprise or stand alone? Thanks |
|
|
| Back to top |
|
|
Steven L Umbach
Guest
|
| Posted:
Tue Feb 15, 2005 6:48 am Post subject:
Re: 2003 Standard CA Stand Alone Vs. Enterprise |
|
|
An Enterprise CA makes more sense for an AD domain. Windows 2003 Standard
however does not have the more advanced feature of Windows 2003 Enterprise,
namely version 2 templates which can be used for autoenrollment for users
and computers. You can however enable automatic request for computer
certificates via Group Policy. --- Steve
"Griff" <Griff@discussions.microsoft.com> wrote in message
news:ADD7F834-9C85-46E9-9B03-AE81656A9D3E@microsoft.com...
| Quote: | My company wants to secure VPN traffic and executive emails using
certificates. With the limitations of 2003 standard, can I do this? If so
should I install the CA as an Enterprise or stand alone? Thanks |
|
|
| Back to top |
|
|
Griff
Guest
|
| Posted:
Tue Feb 15, 2005 8:19 pm Post subject:
Re: 2003 Standard CA Stand Alone Vs. Enterprise |
|
|
Can I make the Version 1 Certs work in a 2003 VPN and Exchange environment
"Steven L Umbach" wrote:
| Quote: | An Enterprise CA makes more sense for an AD domain. Windows 2003 Standard
however does not have the more advanced feature of Windows 2003 Enterprise,
namely version 2 templates which can be used for autoenrollment for users
and computers. You can however enable automatic request for computer
certificates via Group Policy. --- Steve
"Griff" <Griff@discussions.microsoft.com> wrote in message
news:ADD7F834-9C85-46E9-9B03-AE81656A9D3E@microsoft.com...
My company wants to secure VPN traffic and executive emails using
certificates. With the limitations of 2003 standard, can I do this? If so
should I install the CA as an Enterprise or stand alone? Thanks
|
|
|
| Back to top |
|
|
Steven L Umbach
Guest
|
| Posted:
Tue Feb 15, 2005 9:48 pm Post subject:
Re: 2003 Standard CA Stand Alone Vs. Enterprise |
|
|
Sure. You just don't have the flexibility to customize the template and use
autoenrollment for users with version 1 templates. The link below is to the
PKI guide for the W2003 Deployment Kit. -- Steve
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/DSSCH_PKI_OVERVIEW.asp
http://tinyurl.com/6ywg6 --- same link as above, shorter.
"Griff" <Griff@discussions.microsoft.com> wrote in message
news:4CCB5628-654C-48D6-A8CD-0258FFE6BF71@microsoft.com...
| Quote: | Can I make the Version 1 Certs work in a 2003 VPN and Exchange environment
"Steven L Umbach" wrote:
An Enterprise CA makes more sense for an AD domain. Windows 2003 Standard
however does not have the more advanced feature of Windows 2003
Enterprise,
namely version 2 templates which can be used for autoenrollment for users
and computers. You can however enable automatic request for computer
certificates via Group Policy. --- Steve
"Griff" <Griff@discussions.microsoft.com> wrote in message
news:ADD7F834-9C85-46E9-9B03-AE81656A9D3E@microsoft.com...
My company wants to secure VPN traffic and executive emails using
certificates. With the limitations of 2003 standard, can I do this? If
so
should I install the CA as an Enterprise or stand alone? Thanks
|
|
|
| Back to top |
|
|
Griff
Guest
|
| Posted:
Thu Feb 17, 2005 12:13 am Post subject:
Re: 2003 Standard CA Stand Alone Vs. Enterprise |
|
|
Thanks for the help!! I have installed the Enterprise Root CA and a Sub to
issue through the web. Is there any special consideration to make this work
with email? The root is on the exchange server, but I am having difficulties
encrypting and signing messages. Any additional help would be great....
"Steven L Umbach" wrote:
| Quote: | Sure. You just don't have the flexibility to customize the template and use
autoenrollment for users with version 1 templates. The link below is to the
PKI guide for the W2003 Deployment Kit. -- Steve
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/DSSCH_PKI_OVERVIEW.asp
http://tinyurl.com/6ywg6 --- same link as above, shorter.
"Griff" <Griff@discussions.microsoft.com> wrote in message
news:4CCB5628-654C-48D6-A8CD-0258FFE6BF71@microsoft.com...
Can I make the Version 1 Certs work in a 2003 VPN and Exchange environment
"Steven L Umbach" wrote:
An Enterprise CA makes more sense for an AD domain. Windows 2003 Standard
however does not have the more advanced feature of Windows 2003
Enterprise,
namely version 2 templates which can be used for autoenrollment for users
and computers. You can however enable automatic request for computer
certificates via Group Policy. --- Steve
"Griff" <Griff@discussions.microsoft.com> wrote in message
news:ADD7F834-9C85-46E9-9B03-AE81656A9D3E@microsoft.com...
My company wants to secure VPN traffic and executive emails using
certificates. With the limitations of 2003 standard, can I do this? If
so
should I install the CA as an Enterprise or stand alone? Thanks
|
|
|
| Back to top |
|
|
Steven L Umbach
Guest
|
| Posted:
Thu Feb 17, 2005 6:48 am Post subject:
Re: 2003 Standard CA Stand Alone Vs. Enterprise |
|
|
You will have to issue [have them request] the proper certificates to the
users such as the user certificate. They can do that via Web Enrollment or
by opening the certificate mmc snapin for users, go to the
personal/certificates folder, right click, select all tasks - request
certificate. By default domain computers should already trust the Enterprise
CA but you can check to make sure the CA's certificate shows in the trusted
root CA folder. User certificate should already be available for users.
Beyond that since I don't use Exchange I suggest you post in one of the
Exchange newsgroups for the fine details to get things working
moothly. --- Steve
"Griff" <Griff@discussions.microsoft.com> wrote in message
news:01D9EC01-DB0E-4498-8D2A-5FB9C315E707@microsoft.com...
| Quote: | Thanks for the help!! I have installed the Enterprise Root CA and a Sub to
issue through the web. Is there any special consideration to make this
work
with email? The root is on the exchange server, but I am having
difficulties
encrypting and signing messages. Any additional help would be great....
"Steven L Umbach" wrote:
Sure. You just don't have the flexibility to customize the template and
use
autoenrollment for users with version 1 templates. The link below is to
the
PKI guide for the W2003 Deployment Kit. -- Steve
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/DSSCH_PKI_OVERVIEW.asp
http://tinyurl.com/6ywg6 --- same link as above, shorter.
"Griff" <Griff@discussions.microsoft.com> wrote in message
news:4CCB5628-654C-48D6-A8CD-0258FFE6BF71@microsoft.com...
Can I make the Version 1 Certs work in a 2003 VPN and Exchange
environment
"Steven L Umbach" wrote:
An Enterprise CA makes more sense for an AD domain. Windows 2003
Standard
however does not have the more advanced feature of Windows 2003
Enterprise,
namely version 2 templates which can be used for autoenrollment for
users
and computers. You can however enable automatic request for computer
certificates via Group Policy. --- Steve
"Griff" <Griff@discussions.microsoft.com> wrote in message
news:ADD7F834-9C85-46E9-9B03-AE81656A9D3E@microsoft.com...
My company wants to secure VPN traffic and executive emails using
certificates. With the limitations of 2003 standard, can I do this?
If
so
should I install the CA as an Enterprise or stand alone? Thanks
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in