Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Windows Server 2008 R2 : DirectAccess Scenario (part 3) - Certificate Autoenrollment & IP-HTTP Certificate

- Windows 10 Product Activation Keys Free 2019
- How to active Windows 8 without product key
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
3/20/2011 10:31:03 PM

Certificate Autoenrollment

Next, configure the root CA so that computer certificates are issued automatically through a group policy using a GPO named Cert Auto Enrollment Group Policy Object. These certificates will be used to secure the IPSec tunnels established.

To configure computer certificate autoenrollment, complete the following steps:

1.
On the domain controller DC1, launch Server Manager.

2.
Expand Features, Group Policy Management, Forest: companyabc.com, Domains, and select companyabc.com.

3.
In the console tree, right-click the domain companyabc.com and select Create a GPO in the Domain and Link It Here.

4.
Enter the name Cert Auto Enrollment Group Policy Object and then click OK.

5.
Right-click the Cert Auto Enrollment Group Policy Object and select Edit.

6.
In the console tree of the Group Policy Management Editor, open Computer Configuration, Policies, Windows Settings, Security Settings, and select Public Key Policies.

7.
In the details pane, right-click Automatic Certificate Request Settings, point to New, and then click Automatic Certificate Request.

8.
In the Automatic Certificate Request Wizard, click Next.

9.
On the Certificate Template page, click Computer (shown in Figure 4), click Next, and then click Finish.

Figure 4. Certificate autoenrollment.

10.
Close the Group Policy Management Editor and Group Policy Management Console.

Now, each computer that is a member of the domain will be enrolled automatically with a computer certificate.

IP-HTTP Certificate

Next, obtain an additional certificate for DA1 with a customized subject and alternative name for IP-HTTPS connectivity. This certificate is in addition to the computer certificate that was obtained through the autoenrollment configured earlier.

To obtain the additional certificate for the DirectAccess server DA1, execute the following steps:

1.
On the DirectAccess server DA1, click Start, type mmc, and then press Enter.

2.
Click File and select Add/Remove Snap-Ins.

3.
Select Certificates, click the Add button, select Computer Account, click Next, select Local Computer, click Finish, and then click OK.

4.
In the console tree of the Certificates snap-in, expand Local Computer, Personal, and select Certificates.

5.
Right-click Certificates, point to All Tasks, and then click Request New Certificate.

6.
Click Next twice.

7.
On the Request Certificates page, click Web Server 2008, and then click the button More Information Is Required to Enroll for This Certificate.

8.
On the Subject tab of the Certificate Properties dialog box, in the Subject Name section, for Type, select Common Name.

9.
In the Value field, type da1.companyabc.com, and then click the Add button.

10.
In the Alternative Name section, for Type, select DNS.

11.
In the Value field, type da1.companyabc.com, and then click the Add button.

12.
Click OK, click Enroll, and then click Finish.

13.
In the details pane of the Certificates snap-in, verify that a new certificate with the name da1.contoso.com was enrolled with Intended Purposes of Server Authentication.

14.
Right-click the certificate and select Properties.

15.
In the Friendly Name field, type IP-HTTPS and click OK.

Installing the DirectAccess Feature on DA1

Before you can run the DirectAccess Setup Wizard, you must install the DirectAccess feature on DA1. To install the DirectAccess feature, execute the following steps:

1.
On the DirectAccess server DA1, launch Server Manager.

2.
Right-click on Features and select Add Features.

3.
On the Select Features page, select DirectAccess Management Console.

4.
At the pop-up, click Add Required Features. This adds the Group Policy Management feature.

5.
Click Next.

6.
Click Install.

7.
Click Close to finish.

The DirectAccess feature has been installed, but still needs to be configured.

Other -----------------
- Windows Server 2008 R2 : DirectAccess Scenario (part 2) - Using a GPO to Configure Firewall Rules & Custom Certificate Template for IP-HTTPS
- Installing Exchange Server 2010 : Deploying Active Directory from Scratch (part 3)
- Installing Exchange Server 2010 : Deploying Active Directory from Scratch (part 2) - Promoting a Windows Server 2008 Server to a Domain Controller
- Installing Exchange Server 2010 : Deploying Active Directory from Scratch (part 1) - Installing the Windows Server 2008 Operating System
- Planning Your Exchange Server 2010 Installation
- Installing Exchange Server 2010 : Understanding Role Based Access Control
- Windows Server 2008 R2 : Traditional VPN Scenario (part 5) - SSTP Troubleshooting
- Windows Server 2008 R2 : Traditional VPN Scenario (part 4) - Testing the VPN Connection & Controlling Unhealthy VPN Clients
- Windows Server 2008 R2 : Traditional VPN Scenario (part 3) - Setting Up the RRAS Server & Setting Up the VPN Client
- Windows Server 2008 R2 : Traditional VPN Scenario (part 2) - Setting Up the Network Policy Server & Configuring the Network Policy Server
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server