Tag: Safety hardening

What to consider when applying Microsoft Security Baselines?

In the context of hardening measures, it is a good idea to use the Microsoft published Microsoft Security Baselines to your own server landscape.

This will inevitably have an impact on PKI components. The following is an overview of the expected effects and countermeasures.

Continue reading „Was ist bei der Anwendungen der Microsoft Security Baselines zu beachten?“

Required Windows security permissions for the Certificate Enrollment Policy Web Service (CEP)

Assuming one implements Microsoft's Active Directory Administrative Tiering Model, or applies similar hardening measures to one's servers, this will have an impact on the CEP components.

Continue reading „Benötigte Windows-Sicherheitsberechtigungen für den Certificate Enrollment Policy Web Service (CEP)“

Classification of ADCS components in the Administrative Tiering Model

If, in addition to the Active Directory Certificate Services, the administrative tiering model is also implemented for the Active Directory directory service, the question arises as to how the individual PKI components are to be assigned to this model in order to be able to perform targeted security hardening.

Continue reading „Einordnung der ADCS-Komponenten in das administrative Schichtenmodell (Administrative Tiering Model)“

Required Windows security permissions for the Certificate Enrollment Web Service (CES)

Assuming one implements Microsoft's Active Directory Administrative Tiering Model, or applies similar hardening measures to one's servers, this will impact the CES components.

Continue reading „Benötigte Windows-Sicherheitsberechtigungen für den Zertifikatregistrierungs-Webdienst (CES)“

Windows security permissions required for Certificate Authority Web Enrollment (CAWE)

Assuming one implements Microsoft's Active Directory Administrative Tiering Model, or applies similar hardening measures to one's servers, this will impact Certificate Authority Web Enrollment (CAWE).

Continue reading „Benötigte Windows-Sicherheitsberechtigungen für die Zertifizierungsstellen-Webregistrierung (CAWE)“

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "WS_E_ENDPOINT_FAILURE".

Assume the following scenario:

  • You try to request a certificate via a Certificate Enrollment Web Service (CEP) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
  • The operation fails with the following error message:
The remote endpoint could not process the request. 0x803d000f (-2143485937 WS_E_ENDPOINT_FAILURE)
Continue reading „Die Beantragung eines Zertifikats über den Certificate Enrollment Web Service (CES) schlägt fehl mit Fehlercode „WS_E_ENDPOINT_FAILURE““

Why Active Directory integrated certificate authorities are members of the "Pre-Windows 2000 Compatible Access" security group

As part of security hardening efforts against the Active Directory directory service, the question of why Active Directory integrated certificate authorities (Enterprise Certification Authority) are members of the Pre-Windows 2000 Compatible Access security group comes up frequently.

Continue reading „Warum Active Directory integrierte Zertifizierungsstellen Mitglieder der „Pre-Windows 2000 Compatible Access“ Sicherheitsgruppe sind“

Required Windows security permissions for the Network Device Enrollment Service (NDES)

Assuming one implements Microsoft's Active Directory Administrative Tiering Model, or applies similar hardening measures to one's servers, this will have an impact on NDES components.

Continue reading „Benötigte Windows-Sicherheitsberechtigungen für den Registrierungsdienst für Netzwerkgeräte (NDES)“
en_USEnglish
de_DEDeutsch en_USEnglish