Windows 2008 R2 Certification Authority installation guide

This step-by-step guide explains how to install and configure public key infrastructure, based on:
Windows 2008 R2 Server Core: offline Root CA
Windows 2008 R2 domain controller
Windows 2008 R2 Enterprise Edition: Subordinate Enterprise CA server

Offline Root CA: OS installation phase

Boot the server using the Windows 2008 R2 bootable DVD.
Specify the product ID, then click Next.
From the installation options, choose Windows Server 2008 R2 Server Core Installation, then click Next.
Accept the license agreement, then click Next.
Choose the Custom (Advanced) installation type, specify the hard drive on which to install the operating system, then click Next.
Allow the installation phase to continue and restart the server automatically.
To log in to the server for the first time, press CTRL+ALT+DELETE. Choose the Administrator account, click OK to replace the account password, specify a complex password and confirm it, press Enter, then press OK.
From the command prompt window, run the command below:
    sconfig
Press 2 to replace the computer name, specify the new computer name, then click Yes to restart the server.
To log in to the server, press CTRL+ALT+DELETE and specify the Administrator account credentials.
From the command prompt window, run the command below:
    sconfig
Press 5 to configure Windows Update Settings, select A for automatic, then click OK.
Press 6 to download and install Windows Updates, choose A to search for all updates, choose A to download and install all updates, then click Yes to restart the server.
To log in to the server, press CTRL+ALT+DELETE and specify the Administrator account credentials.
From the command prompt window, run the command below:
    sconfig
In case you need to use RDP to access and manage the server, press 7 to enable Remote Desktop, choose E to enable, choose either 1 or 2 according to your client settings, then press OK.
Press 8 to configure Network settings, select the network adapter by its Index number, press 1 to configure the IP settings, choose S for static IP address, and specify the IP address, subnet mask and default gateway. Press 2 to configure the DNS servers, click OK, then press 4 to return to the main menu.
Press 9 to configure Date and Time, choose the correct date/time and time zone, then click OK.
Press 1. Yes to restart the server.

Offline Root CA: Certificate Authority server installation phase

To log in to the server, press CTRL+ALT+DELETE and specify the Administrator account credentials.
Install Certificate Services:
    start /w ocsetup CertificateServices /norestart /quiet
To check that the installation completed, run the command:
    oclist | find /i "CertificateServices"
Download the file setupca. To C:\Windows\system.
Run the command below to configure the Root CA: Cscript /nologo C:\Windows\System. RSA#Microsoft Software Key Storage Provider /sa SHA2.
To verify that the installation completed successfully, use Notepad to open the file _SetupCA.log, located in the current running directory, and make sure the last line is "Install complete Passed".
Run the command below to enable remote management of the Root CA:
    netsh advfirewall firewall set rule group="Remote Service Management" new enable=yes
Run the command below to stop the CertSvc service:
    net stop CertSvc
Run the command below to change the validity period of newly issued certificates:
    reg add HKLM\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\<rootcanetbiosname> /v ValidityPeriodUnits /t REG_DWORD /d 5 /f
Note: The command above should be written on one line.
Run the command below to start the CertSvc service:
    net start CertSvc

Enterprise Subordinate CA: OS installation phase

Prerequisites:
Active Directory Forest functional level: Windows 2008 R2
Add an A record for the Root CA to the Active Directory DNS.

Boot the server using the Windows 2008 R2 Enterprise Edition bootable DVD.
Specify the product ID, then click Next.
From the installation options, choose Windows Server 2008 R2 Enterprise Edition Full installation, then click Next.
Accept the license agreement, then click Next.
Choose the Custom (Advanced) installation type, specify the hard drive on which to install the operating system, then click Next.
Allow the installation phase to continue and restart the server automatically.
To log in to the server for the first time, press CTRL+ALT+DELETE. Choose the Administrator account, click OK to replace the account password, specify a complex password and confirm it, press Enter, then press OK.
From the Initial Configuration Tasks window, configure the following settings:
Set time zone
Configure networking: specify static IP address, netmask, gateway, DNS
Provide computer name and domain: add the server to the domain
Enable Remote Desktop
To be able to remotely manage the Root CA, run the command below:
    cmdkey /add:<RootCAHostname> /user:Administrator /pass:<RootCAAdminPassword>

Enterprise Subordinate CA: Certificate Authority server installation phase

Prerequisites:
DNS CNAME record named wwwca for the Enterprise Subordinate CA.

To log in to the server, press CTRL+ALT+DELETE and specify the credentials of an account that is a member of Schema Admins, Enterprise Admins and Domain Admins.
Start > Administrative Tools > Server Manager.
From the left pane, right-click Roles > Add Roles > Next, select Web Server (IIS), click Next twice, and select the following role services:
Web Server
Common HTTP Features: Static Content, Default Document, Directory Browsing, HTTP Errors, HTTP Redirection
Application Development: .NET Extensibility, ASP, ISAPI Extensions
Health and Diagnostics: HTTP Logging, Logging Tools, Tracing, Request Monitor
Security: Windows Authentication, Client Certificate Mapping Authentication, IIS Client Certificate Mapping Authentication, Request Filtering
Performance: Static Content Compression
Management Tools: IIS Management Console, IIS Management Scripts and Tools
IIS 6 Management Compatibility: IIS 6 Metabase Compatibility
Click Next, click Install, then click Close.
From the left pane, right-click Features > Add Features > Next, expand Windows Process Activation Service, select .NET Environment and Configuration APIs, select the feature .NET Framework 3.5. Features, click Next, click Install, then click Close.
From the left pane, right-click Roles > Add Roles > Next, select Active Directory Certificate Services, click Next twice, and select the following role services:
Certification Authority
Certification Authority Web Enrollment
Certificate Enrollment Policy Web Service
Click Next.
Configure the following settings:
Specify Setup Type: Enterprise
CA Type: Subordinate CA
Private Key: Create a new private key
Cryptography: Cryptographic service provider (CSP): RSA#Microsoft Software Key Storage Provider. Key length 2. 04. Hash algorithm SHA2.
CA Name: Common name: specify here the subordinate server Net.