Lab Answer Key for Module 13: Enterprise PKI Active Directory Certificate Services (AD CS)

Table of Contents

Lab 1: Enterprise PKI Active Directory Certificate Services (ADCS)

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links are provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2008 Microsoft Corporation. All rights reserved.

Microsoft, Microsoft Press, Active Directory, ActiveSync, ActiveX, BitLocker, BizTalk, ForeFront, Internet Explorer, MSDN, Outlook, PowerPoint, SharePoint, SQL Server, Visual Studio, Windows, Windows Media, Windows Mobile, Windows NT, Windows PowerShell, Windows Server, Windows Vista, and WinFX are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Version 1.2

Lab 1: PKI Enhancements in Windows Vista and Windows Server 2008

Lab Setup

For this lab, you will use the available virtual machine environment. Before you begin the lab:

- Turn on NY-DC-01.
- Log on to NY-DC-01 as ADATUM\Administrator with a password of Pa$$w0rd.

Exercise 1: Add Certificate Server Role UI

Task 1: Add Certificate Server Role

Note: Perform these steps on NY-DC-01.

1. The Server Manager starts automatically.
2. In the Server Manager Details pane, scroll down to Roles Summary.
3. Click Add Roles.
4. The Add Roles Wizard dialog box appears. Click Next.
5. The Select Server Roles page appears. Select Active Directory Certificate Services.
6. Click Next.
7. The Introduction to Active Directory Certificate Services page appears. Click Next.
8. The Select Role Services page appears. Select Certification Authority Web Enrollment.
9. The Add Roles Wizard dialog box appears. Click Add Required Role Services.
10. Select Online Responder. Click Next.
11. The Specify Setup Type page appears. Click Next.
12. The Specify CA Type page appears. Click Next.
13. The Set Up Private Key page appears. Click Next.
14. The Configure Cryptography for CA page appears. In the Select a cryptographic service provider (CSP) list, examine the options.
15. Click RSA#Microsoft Software Key Storage Provider.
16. Click Next.
17. The Configure CA Name page appears. Click Next.
18. The Set Validity Period page appears. Click Next.
19. The Configure Certificate Database page appears. Click Next.
20. The Web Server (IIS) page appears. Click Next.
21. The Select Role Services page appears. Click Next.
22. The Confirm Installation Selections page appears. Click Print, e-mail, or save this information.
23. The Installation Report window opens. Examine Certification Authority.
24. Close the Installation Report window.
25. Click Install.
26. Click Close.
27. Minimize Server Manager.

Exercise 2: Explore New Enrollment UI

Task 1: Explore new enrollment UI

Note: Perform these steps on NY-DC-01.

1. Click Start > Run, and then type MMC.
2. Click OK.
3. On the File menu, click Add/Remove Snap-in.
4. The Add or Remove Snap-ins dialog box appears. Click Certificates, and then click Add.
5. The Certificates snap-in dialog box appears. Ensure My User Account is selected, and then click Finish.
6. Click OK.
   Note: You might want to resize the console tree pane.
7. Expand Certificates - Current User > Personal, and then click Certificates.
8. On the Action menu, point to All Tasks, and then click Request New Certificate.
9. The Certificate Enrollment dialog box appears. Click Next.
10. The Request Certificates page appears. Select Show all templates.
11. Scroll up, and for User, expand the Details list box.
12. Click Properties.
13. The Certificate Properties dialog box appears. In the Friendly name field, type Test User Certificate.
14. Click the Subject tab.
15. Under Subject name, in the Type list, examine the options.
16. Click the Extensions tab.
17. Expand the Key Usage list box.
18. Expand the Basic Constraints list box.
19. Click the Private Key tab.
20. Expand the Cryptographic Service Provider list box.
21. Examine the items displayed.
22. Click the Certification Authority tab.
23. Click OK.
24. Select User.
25. Click Enroll.
26. The Certificate Installation Results page appears. Click Finish.
27. Minimize the Console1 window.

Exercise 3: Explore CA performance monitors UI

Task 1: Explore CA Performance Monitors

Note: Perform these steps on NY-DC-01.

1. Click Start > Administrative Tools > Reliability and Performance Monitor.
2. The Reliability and Performance Monitor window opens.
3. In the console tree, expand Reliability and Performance Monitoring Tools and then click Performance Monitor.
4. In the Details pane, click the Add Counter toolbar button.
   Note: This button looks like a green plus sign.
5. The Add Counters dialog box appears. Under <Local computer>, expand Certification Authority.
6. Click Request processing time (ms).
   Note: You may have to click twice to populate the Instances of selected object.
7. Click Add.
8. Under <Local computer>, expand OCSP Server.
9. Click Request processing time (ms).
   Note: You may have to click twice to populate the Instances of selected object.
10. Click Add.
11. Click OK.
12. Examine the graph in the Details pane.
13. On the toolbar, in the Change Graph Type list, click Report.
    Note: This button looks like a graph stacked on top of a bar chart. It is to the left of the Add Counter button.
14. Examine the Details pane.
15. Minimize Reliability and Performance Monitor.
16. Restore Console1.
17. On the Action menu, point to All Tasks, and then click Request New Certificate.
18. The Certificate Enrollment dialog box appears. Click Next.
19. The Request Certificate page appears. Select User.
20. Click Enroll.
21. The Certificate Installation Results page appears. Click Finish.
22. Close Console1.
23. The Microsoft Management Console dialog box appears. Click No.
24. Restore Reliability and Performance Monitor.
25. In the Details pane, examine Certification Authority.
26. Notice that the Certification Authority Request Processing Time has changed.
27. Close Reliability and Performance Monitor.

Exercise 4: Explore delegated enrollment UI

Task 1: Explore Delegated Enrollment

1. Click Start > Administrative Tools > Certification Authority.
2. The certsrv window opens. In the console tree, right-click Adatum-NY-DC-01-CA, and then click Properties. The Adatum-NY-DC-01-CA Properties dialog box appears.
3. Click the Enrollment Agents tab.
4. Click Restrict enrollment agents.
5. The Enrollment Agents dialog box appears. Click OK.
6. Examine Certificate Templates, and then Permissions.
7. Click OK.
8. Minimize certsrv.

Exercise 5: Introduce OCSP configuration UI

Task 1: Deploy the Online Responder

Note: Perform these steps on NY-DC-01.

1. Click Start > Command Prompt.
2. The Command Prompt window opens. Type Certutil -vocsproot delete, and press ENTER.
3. Type Certutil -vocsproot, and press ENTER.
4. Minimize Command Prompt.
5. Restore certsrv.
6. In the console tree, right-click Adatum-NY-DC-01-CA, and then click Properties.
7. The Adatum-NY-DC-01-CA Properties dialog box appears. Click the Extensions tab.
8. In the Select extension list, click Authority Information Access (AIA).
9. Click Add.
10. The Add Location dialog box appears. In the Location field, type http://ny-dc-01/ocsp.
11. Click OK.
12. Select Include in the online certificate status protocol (OCSP) extension, and then click OK.
13. The Certification Authority dialog box appears. Click Yes.
14. Minimize certsrv.

Task 2: Configure the OCSP Signing Certificate Template

1. Click Start > Run, and then type MMC.
2. Click OK.
3. On the File menu, click Add/Remove Snap-in.
4. The Add or Remove Snap-ins dialog box appears. Click Certificate Templates, and then click Add.
5. Click OK.
6. The Certificate Templates window opens. In the console tree, click Certificate Templates.
7. In the Details pane, right-click the OCSP Response Signing template, and then click Duplicate Template.
8. The Duplicate Template dialog box appears. Click Windows 2003 Server, Enterprise Edition.
9. Click OK.
10. The Properties of New Template dialog box appears. Click OK.
11. Minimize Console1.
12. Restore Command Prompt.
13. Type certutil -v -setreg policy\enablerequestextensionlist +1.3.6.1.5.5.7.48.1.5, and then press ENTER.
14. Type net stop certsvc, and then press ENTER.
15. Type net start certsvc, and then press ENTER.
16. Close Command Prompt.
17. Restore Console1.
18. In the Details pane, right-click OCSP Response Signing, and then click Properties.
19. The OCSP Response Signing Properties dialog box appears. Click the Security tab.
20. Click Add.
21. The Select Users, Computers, or Groups dialog box appears. Click Object Types.
22. The Object Types dialog box appears. Select Computers, and then click OK.
23. In the Enter the object names to select field, type NY-DC-01, and then click OK.
24. For Enroll, select Allow.
25. Click the Request Handling tab.
26. Notice Add Read permissions to Network Service on the private key (enable for machine templates only).
27. Click OK.
28. Close Console1.
29. The Microsoft Management Console dialog box appears. Click No.
30. Restore certsrv.
31. In the console tree, expand Adatum-NY-DC-01-CA.
32. Right-click Certificate Templates, and then click New Certificate Template to Issue.
33. The Enable Certificate Templates dialog box appears. Click OCSP Response Signing, and then click OK.
34. Minimize certsrv.

Task 3: Configure the Online Responder

1. Click Start > Administrative Tools > Online Responder Management.
2. The ocsp window opens. In the Actions pane, click Responder Properties.
3. The Online Responder Properties dialog box appears. Notice the setting for Web Proxy Threads.
4. Notice the setting for Cache entries.
5. Examine the contents of the Audit tab.
6. Click the Security tab.
7. Examine Proxy Requests.
8. Examine Manage Online Responder.
9. Click Cancel.
10. Close ocsp.
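The two CA settings changed in Exercise 5 (the OCSP location added in Task 1, steps 10 to 12, and the OID enabled in Task 2, step 13) are stored in the CA's registry configuration, so they can be audited after the fact. The following PowerShell is an added example and is not part of the lab manual; the function names are hypothetical and the sample values are constructed. It assumes PowerShell 3.0 or later, the default policy module key, and that the OCSP check box is stored as flag value 32 in front of the location.

```powershell
#Requires -Version 3.0
# Added example, not from the lab manual. Function names are hypothetical.

$OcspNoCheckOid = '1.3.6.1.5.5.7.48.1.5'  # OID enabled in Task 2, step 13 (id-pkix-ocsp-nocheck)
$AddToCertOcsp  = 0x20                     # flag behind "Include in the ... (OCSP) extension" (Task 1, step 12)

function ConvertFrom-CaUrlEntry {
    # Splits one CACertPublicationURLs value, "<decimal flags>:<location>", into its parts.
    param([Parameter(Mandatory = $true)][string]$Entry)
    if ($Entry -notmatch '^(\d+):(.+)$') { throw "Unexpected entry format: $Entry" }
    [pscustomobject]@{ Flags = [int]$Matches[1]; Location = $Matches[2] }
}

function Get-CaConfigFromRegistry {
    # Reads the live values on the CA itself (assumes the default policy module).
    param([Parameter(Mandatory = $true)][string]$CaName)
    $base   = "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\$CaName"
    $policy = "$base\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy"
    [pscustomobject]@{
        AiaEntries               = @((Get-ItemProperty -Path $base -Name CACertPublicationURLs).CACertPublicationURLs)
        EnabledRequestExtensions = @((Get-ItemProperty -Path $policy -Name EnableRequestExtensionList).EnableRequestExtensionList)
    }
}

function Test-OcspCaConfig {
    # Returns one object per check so each gap is visible on its own.
    param(
        [string[]]$AiaEntries,
        [string[]]$EnabledRequestExtensions,
        [Parameter(Mandatory = $true)][string]$ExpectedOcspUrl
    )
    $parsed  = @($AiaEntries | Where-Object { $_ } | ForEach-Object { ConvertFrom-CaUrlEntry $_ })
    $ocsp    = @($parsed | Where-Object { $_.Location -eq $ExpectedOcspUrl })
    $flagged = @($ocsp | Where-Object { $_.Flags -band $AddToCertOcsp })
    $checks = [ordered]@{
        'AIA list contains the OCSP location'        = ($ocsp.Count -gt 0)
        'Location is included in the OCSP extension' = ($flagged.Count -gt 0)
        'Policy module accepts the OCSP no-check OID' = ($EnabledRequestExtensions -contains $OcspNoCheckOid)
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = $checks[$name] }
    }
}

# Constructed sample 1: state expected after Exercise 5 was followed completely.
$goodAia = @('1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt', '32:http://ny-dc-01/ocsp')
$goodExt = @('1.2.840.113549.1.9.15', '2.5.29.15', '1.3.6.1.5.5.7.48.1.5')

# Constructed sample 2: location added, but step 12 (OCSP check box) and step 13 (setreg) were skipped.
$badAia = @('1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt', '2:http://ny-dc-01/ocsp')
$badExt = @('1.2.840.113549.1.9.15', '2.5.29.15')

Test-OcspCaConfig -AiaEntries $goodAia -EnabledRequestExtensions $goodExt -ExpectedOcspUrl 'http://ny-dc-01/ocsp' | Format-Table -AutoSize
Test-OcspCaConfig -AiaEntries $badAia  -EnabledRequestExtensions $badExt  -ExpectedOcspUrl 'http://ny-dc-01/ocsp' | Format-Table -AutoSize

# On the lab CA, replace the samples with the live values:
# $live = Get-CaConfigFromRegistry -CaName 'Adatum-NY-DC-01-CA'
# Test-OcspCaConfig -AiaEntries $live.AiaEntries -EnabledRequestExtensions $live.EnabledRequestExtensions -ExpectedOcspUrl 'http://ny-dc-01/ocsp'
```

Certificates issued before the AIA change do not carry the OCSP location, so a passing result describes the CA configuration only, not certificates already in circulation.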

Exercise 6: Explore Certificate Revocation

Task 1: Explore Certificate Revocation

1. Restore certsrv.
2. In the console tree, click Issued Certificates.
3. In the Details pane, right-click the certificate with Request ID of 3, point to All Tasks, and then click Revoke Certificate.
4. The Certificate Revocation dialog box appears. In the Reason Code list, click Certificate Hold.
5. Click Yes.
6. In the console tree, click Revoked Certificates.
7. In the Details pane, right-click the certificate with Request ID of 3, point to All Tasks, and then click Unrevoke certificate.
8. Close certsrv.

Lab Shutdown

After you complete the lab, you must shut down all virtual machines and discard any changes.