Details of the event with ID 50 of the source Microsoft-Windows-NetworkDeviceEnrollmentService

Event Source:	Microsoft-Windows-NetworkDeviceEnrollmentService
Event ID:	50 (0x32)
Event log:	Application
Event type:	Information
Event text (English):	The Network Device Enrollment Service is working in single password mode. The password can be used multiple times and will not expire.
Event text (German):	The network device registration service runs in single password mode. The password can be used multiple times and does not expire.

The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics„.

Example events

The Network Device Enrollment Service is working in single password mode. The password can be used multiple times and will not expire.

Description

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

Occurs when the NDES service is started if it is configured to work with a static password (see article "Configuring the Network Device Enrollment Service (NDES) to work with a static password.„).

Safety assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

An alert can be useful if such a configuration is not desired in the network. The configuration with a static password is not particularly secure: If the password is known, an attacker can obtain any number of certificates from the NDES server and possibly use them to gain access to the network. provide extended rights.

A regular change of the password should therefore be configured as a minimum measure, if technically feasible.

Related links:

• Overview of Windows events generated by the Network Device Enrollment Service (NDES).

External sources

• Active Directory Certificate Services (AD CS): Network Device Enrollment Service (NDES) (Microsoft)