Answered NDES and domain membership

  • Wednesday, March 21, 2012 17:52
     
     

    Hi

    Is domain membership required for the server hosting the NDES role, i.e. when placing the server in a DMZ? I am using Windows Server 2008 R2 SP1 Enterprise.

    Kind regards

    Flagzz

All replies

  • Friday, March 23, 2012 10:04
    Moderator

     Answered

    Hi,

    This depends on the NDES deployment scenarios: enterprise and standalone.

    For Enterprise NDES deployments, NDES needs to be installed on a domain member web server and configured to use an enterprise CA for certificate enrollment and certificate query operations.

    For Standalone NDES deployments, NDES is installed on the same computer as a standalone root CA.

    For more information, please refer to:

    AD CS: Deploying Network Device Enrollment Service
    http://technet.microsoft.com/en-us/library/ff955646(v=ws.10).aspx

    Hope this helps.

    Regards,

    Bruce
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Flagzz Saturday, March 24, 2012 16:05
  • Friday, March 23, 2012 11:34
     
     

    Hi;

    So according to Bruce-Liu's reply, in a DMZ environment, it's better to use the stand-alone scenario, because of its reduced attack surface, and then harden the server with security features like Security Configuration Wizard and also enable SSL on /mscep_admin.

    For more information go to the following link:

    http://www.microsoft.com/download/en/details.aspx?id=1607

    Thanks



  • Saturday, March 24, 2012 16:06
     
     

    Hi Bruce and R. Alikhani

    Thanks for the answer :)

    Kind regards

    Flagzz