You can ask technical questions about AD CS, PKI, or provide feedback about a document on this Security Forum. Please, remember to search the forum for your answer or issue before creating a new post.
If you are providing feedback about a specific document, please, begin your forum post with Content Feedback: followed by the issue or question. In your post, also place a hyperlink to the document with your question or comment. Doing so allows the multiple experts who monitor the forum the most efficient method for responding to your feedback or questions.
Also, if you have a public key infrastructure (PKI) or Active Directory Certificate Services (AD CS) question, please, check for the answer on the TechNet Wiki FAQ list http://aka.ms/adcsfaq
- Edited by Kurt L Hudson MSFTModerator Thursday, June 20, 2013 8:10 PM does not require two signatures
I plan to deploy smart card logon on windows server 2008 R2 using a USB token. I have a domain and an stand alone CA. Is there any step by step guide which explains the process from the scratch?
Please create a new thread for any questions you may have.
Hi Kurt, not sure if this is something I missed in the procedures? I currently have a setup deployed with a CEP/CES server using Username and Password Auth for external Non domain joined Workstations. All good can enrol and renew manually with no problem trough that service. (Win7 Devices)
Now I'm building another CEP/CES server specifically to achieve a auto enrolment to (Win8 devices non domain joined).
My questions to you are the following:
Do I need any Computer object in the domain for Auto renewal to work? I saw this in the http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx I think that you published under the? "Ensure that a computer account exists in the forest of which the CA is a member that has the same computer name as the computer to which the certificate is to be issued"
Can I collocate all the above on a single box? CEP instance one and 2 CES instance 1 and 2
Thanks for the great articles by the way.
Kurt, never mind I got it all sorted now and the lab works perfectly
- Edited by miura3 Wednesday, February 19, 2014 2:08 AM Update
FYI, Kurt passed away last year and I'm not sure how widely that was communicated outside of Microsoft.
Kurt was a prolific writer and one that I worked with a great deal while I was at Microsoft. His reach and breadth was hands above any other writer I ever worked with at Microsoft. In fact, he was so effective that there are many blogs and articles that only his account has access to. As a result, Microsoft is still struggling to not only find a replacement writer but also to figure out how to access his TechNet account. When I was there, the number of us that could post to the PKI blog was shrinking as Kurt's account was the only one that could add new contributors.