xdot509

A Microsoft Premier Field Engineer's blog on Cloud and Security Technologies

  • Steps for renewing NDES Service Certificates

    One issue that organizations that use the Network Device Enrollment Service (NDES) run into is the process for renewing the certificates for NDES. I never was able to find good instructions on how to do this. So, I had no choice but to create my own. The steps in...
  • Administrator Workstations

    I had previously published this information to my blog and accidentally removed it from here. Re-adding the posting. I hope to find time to update this for Windows 10 in the future. Windows 10 has a feature named Credential Guard which greatly increases...
  • Transitioning Your PKI to SHA2

    Background: Hashing Algorithms. Hashing algorithms take variable input and provide a unique fixed length output. Hashing algorithms have a number of desired properties. Those desired properties include that the hash should not be able to be reversed...
  • Microsoft Devices Security, Virtual Smart Cards Part 2: Deployment

    Deploying Virtual Smart Cards: I am going to cover how to deploy Virtual Smart Cards. In this section I am going to perform a simplified deployment using Active Directory Certificate Services and tpmvscmgr.exe. In a complex environment you may wish to...
  • Microsoft Devices Security, Virtual Smart Cards Part 1: Introduction and Trusted Platform Module (Updated 11/26/2014)

    Given the recent breaches on companies both large and small, there has been an increased focus on security and secure authentication. This combined with the adoption of mobile devices to increase the productivity of the mobile worker has left many organizations...
  • Windows Phone Awesomeness

    Wow!!!  It’s pretty awesome to see the continued evolution of Windows Phone! I have posted in the past about some really cool features such as NFC and DataSense. But recently there have been a lot of interesting applications released for Windows...
  • Getting Started with Windows Azure: Part 5 Getting Familiar with the Windows Azure Management Tools for Virtual Machines

    Now that we have created our first VM, we want to get familiar with the Management Tools.  For the purpose of this blog posting, I will be covering the Management Tools presented by the Web Interface.  Specifically, I will be covering the management...
  • Getting Started with Windows Azure: Part 4 Creating a Virtual Machine from the Gallery

    So, in my previous blog posting I covered how to create your first Virtual Machine in Windows Azure IaaS.  In that blog posting we used the QUICK CREATE method.  In this blog posting, we will be performing similar steps using the Virtual Machine...
  • Getting Started with Windows Azure: Part 3 Creating Your First Windows Azure VM

    In the previous two blog postings ( Getting Started with Windows Azure: Part 1 Introduction and Getting Started with Windows Azure: Part 2, What are Cloud Services? ) I discussed how to get a Windows Azure Trial account as well as some background information...
  • Getting Started with Windows Azure: Part 2, What are Cloud Services?

    What is Windows Azure? “Windows Azure is Microsoft's application platform for the public cloud.” In other words Windows Azure is a platform that allows organizations to have their applications run in the public cloud. What is a Public...
  • Getting Started with Windows Azure: Part 1 Introduction

    Regular visitors to my blog know that I am an expert in Public Key Infrastructure (PKI).  That has been my focus for many years now.  I also have a strong background in Active Directory, previously working for the Directory Services support...
  • PKI Disaster Recovery: Backing Up and Restoring AD Objects

    In my last blog posting I covered viewing PKI related Active Directory Objects.  In this blog post, I am going to cover the steps necessary to back up and recover AD Objects.  The group responsible for Active Directory in your organization should...
  • Upgrading your PKI to Windows Server 2012 (New Video)

    This video covers the steps necessary to migrate a two tier PKI to Windows Server 2012. This video replaces my previous videos covering these steps. For those that watched Part I, II, and III of my previous upgrade video series and just want to see the...
  • PKI Disaster Recovery: Viewing PKI Related Active Directory Objects

    Now that I have Windows 8.1 installed on both my Surface and laptop (Lenovo T430s) I have some time to work on some blogs.  I am going to continue on the “Operating a PKI” series.  However, I did want to cover Disaster Recovery in a series of...
  • Operating a PKI: Revoking Orphaned Certificates (Video)

    This video covers the steps necessary to revoke orphaned certificates. Additional information on this topic is available at http://blogs.technet.com/b/xdot509/archive/2013/06/18/operating-a-pki-revoking-orphaned-certificates.aspx . Revoking Orphaned Certificates
  • Operating a PKI: Revoking Orphaned Certificates

    Orphaned certificates are certificates that are issued by a Certification Authority, but after issuing the certificates the Certification Authority has no knowledge of the certificates.  This situation most commonly occurs after the restore of a...
  • Operating a PKI: SMTP Exit Module

    I am back to discuss the SMTP Exit Module.  The SMTP Exit Module is a very useful monitoring tool, yet so many are unaware of the SMTP Exit Module.  In this blog posting I am going to answer the following questions and address the following...
  • PKI Tip: More Certificate Store Shortcuts

    Shortly after I posted PKI Tip: Certificate Store Shortcuts , Tom Aafloen (@TomAafloen) let me know of another easy way to access the Certificate Stores in Windows 8 & Windows Server 2012. Step 1.  Hold down the Windows key on the keyboard and...
  • PKI Tip: Certificate Store Shortcuts

    For those that spend time managing certificates I wanted to highlight some shortcuts for certificate management.  For a while now we have been able to directly access the Certificate MMC targeted for the Current User by launching certmgr.msc . Which...
  • Operating a PKI: CA Certificate Renewals and OCSP

    CA Certificate Renewal has some effects on OCSP. OCSP provides revocation checking information for clients. For each CA, an OCSP Responder has a Revocation Configuration. Each Revocation Configuration has an OCSP Signing Certificate associated...
  • Operating a Windows PKI: Renewing CA Certificates

    In the previous blog posting ( Operating a Windows PKI: Certification Authority Certificate Lifecycle and Renewals ) I covered considerations for the CA Certificates lifecycle and when CA certificates should be renewed.  In this blog posting, I am...
  • Operating a Windows PKI: Certification Authority Certificate Lifecycle and Renewals

    Certification Authority Certificate Lifecycle and Renewals: In this blog post I am going to discuss managing the Lifecycle for CA Certificates as well as cover the actual process to renew CA Certificates. Number of Tiers: If an organization is looking to...
  • Operating a Windows PKI: Removing Expired Certificates from the CA Database

    Today, I am going to discuss removing expired certificates from the CA database.  Every time a CA issues a certificate it also stores a copy of the issued certificate in the CA database.  Over time, the certificates that the CA issues expire. ...
  • Operating a Windows PKI

    In my customer engagements I get a lot of questions around what tasks an organization should be doing in terms of operation and maintenance for their PKI.  So, in this blog series I am going to cover the operational and maintenance aspects of a PKI...
  • Fun with Windows Phone 8 and NFC

    I currently have a Windows Phone 8 device, specifically the HTC 8X.  One of the features in this phone is Near Field Communications (NFC).  I had heard a lot about NFC so I wanted to try it out.  So, I bought some NFC tags from Amazon. ...