Re: PKI Questions

Dear Chriss3,

what are then the feature differences of an MS Enterprise CA service install
in a domain either on win 2003 std edt or win 2003 ent edt.?
I think no feature difference except for the feature differences of the OS.


"chriss3 [MVP]" wrote:

It matters to lots of other aspects of running a Microsoft CA

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services


No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Resources

"Vicky" <Vicky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4A241A94-7520-4AE1-8420-CD970EC9C4E3@xxxxxxxxxxxxxxxx
"I forgot to mention that I would be installing PKI on Windows 2003
standard
edition. I see that it doesn't have as many features as Enterprise, but
that
should be ok.'

Win 2003 std or ent does not matter, as the MS Enterprise CA service can
be
set on both of these win flavours as far as these systems are members of a
domain.


"sektor" wrote:

Thanks chriss3.

I've been reading up on the Microsoft.com docs today to learn as much as
I
can.

I forgot to mention that I would be installing PKI on Windows 2003
standard
edition. I see that it doesn't have as many features as Enterprise, but
that
should be ok.

I figure I could go with Enterprise CA as it shouldn't hurt anything and
if
we continue to explore more avenues with Certificates, it would be better
to
go with Enterprise instead of stand alone. Correct me if im wrong.

I guess, since i'm pretty new to PKI, I wasn't sure if I could
potentially
"break" anything in my current environment. Being as I currently don't
have
access to a test environment or virtual environment, i'm left with "just
rolling it out", which makes me a tad uncomfortable.

I appreciate the help.



"chriss3 [MVP]" wrote:

You should use an Enterprise PKI if you want to integrate it with
Active
Directory Resources, and it sounds like you want to do that. Also
review the
Certificate Service documentations on Microsoft.com. Review if you need
Autoenrollment to be able to push out certificates using group policies
etc,
The OS Platform sets the limitation on a few features depending on if
you
are running Windows Server 2003 Enterprise Edition or not.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services


No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Resources

"sektor" <sektor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B48B8DBD-82AB-4E69-A440-CE3896F1DF3E@xxxxxxxxxxxxxxxx
Hello.

I am researching setting up PKI for our company. Here is some
background:
(75) users
(2) domain controllers
(3) memeber servers
(3) 4 servers not part of the domain, yet (runs a CRM)
(1) ISA 2004 Server, setup as firewall and VPN server

Now , in my short research so far, I am trying to determine which
solution
will best be for us.

one of the things I want to do is change my VPN users from PPTP and
L2TP,
for better security.

I don't know what the future for PKI for our company will be. We may
just
use it simply, or it may evolve to smart-cards. Tough to tell at this
point.

With that, I was going to install the certificate services on a
memeber
server in our domain. Questiones:

1.) What would work best for us? A Enterprise CA or a Stand-Alone CA.

2.) If I setup a Enterprise CA, will it cause any immediate problems
with
my
users interacting with our systems on our network (Internet,
Exchange,
etc.).
Anything I need to be cautious of.

3.) We have a couple of remote users (single users at home, not
offices)
that are not part of our domain. If I setup a Enterprise CA, will it
cause
any problems with them accessing our network?

That should get me started for now. I am searching microsofts website
a
lot
for info. I've come to realize, PKI is very large.

I appreciate it.








.

Relevant Pages

  • Re: PKI Questions
    ... Microsoft MVP - Directory Services ... I figure I could go with Enterprise CA as it shouldn't hurt anything and ... I guess, since i'm pretty new to PKI, I wasn't sure if I could potentially ... are running Windows Server 2003 Enterprise Edition or not. ...
    (microsoft.public.windows.server.active_directory)
  • Re: PKI Questions
    ... Microsoft MVP - Directory Services ... I figure I could go with Enterprise CA as it shouldn't hurt anything and ... I guess, since i'm pretty new to PKI, I wasn't sure if I could potentially ... are running Windows Server 2003 Enterprise Edition or not. ...
    (microsoft.public.windows.server.active_directory)
  • Re: PKI Questions
    ... I forgot to mention that I would be installing PKI on Windows 2003 standard ... I figure I could go with Enterprise CA as it shouldn't hurt anything and if ... Certificate Service documentations on Microsoft.com. ... are running Windows Server 2003 Enterprise Edition or not. ...
    (microsoft.public.windows.server.active_directory)
  • Re: PKI Questions
    ... You should use an Enterprise PKI if you want to integrate it with Active ... Directory Resources, and it sounds like you want to do that. ... are running Windows Server 2003 Enterprise Edition or not. ...
    (microsoft.public.windows.server.active_directory)
  • Re: SQL Server on ISPs Network
    ... The feature differences ... between Standard and Enterprise editions are documented in the link below. ... development use because it lacks the management tools such as Query Analyzer ... MSDE is limited to databases upto 2GB but other than that all editions use ...
    (microsoft.public.sqlserver.server)