RE: Duplicating Certificate Templates




Hello Gary,

Thank you for posting here.

According to your description, I understand that you want to configure
smart card logon in an SBS network. If I have misunderstood the problem,
please don't hesitate to let me know.

Based on my research, I agree with you: we cannot duplicate a certificate
template on the Windows 2003 Standard server. Even if we duplicate it, it
could only be used on the Enterprise version server.

However, we do not need to duplicate a certificate template when we just want
to configure smart card logon. There are some documents about configuring
smart card logon you can refer to:

How to Support Smart Card Logon for Remote Access VPN Connections
http://www.microsoft.com/technet/security/midsizebusiness/topics/networksecurity/smartcardlogonVPN.mspx

Note: This article talks about the detailed steps to resolve the
certificate problem. We do not have to duplicate certificate templates
according to this article.

If you also require smart card for interactive logon, please refer to:

Chapter 3 - Using Smart Cards to Help Secure Administrator Accounts
http://www.microsoft.com/technet/security/guidance/networksecurity/securesmartcards/scpgch03.mspx

Additional information:

Planning a Smart Card Deployment
http://technet2.microsoft.com/windowsserver/en/library/5229033e-232b-4f91-9f86-0cbbd7cfc5a81033.mspx?mfr=true

Smart Card How To...
http://technet2.microsoft.com/windowsserver/en/library/70e8db04-d7dc-406b-9759-80ddc87e35ef1033.mspx?mfr=true

Smart Cards
http://www.microsoft.com/technet/security/guidance/identitymanagement/scard.mspx

Certificate Template Overview
http://technet2.microsoft.com/windowsserver/en/library/e42693ef-374b-40a9-af3c-569f0d1fe1c91033.mspx?mfr=true

I hope that will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Duplicating Certificate Templates
| thread-index: AcibFqj7jDukTaoaQwaKBHyZ5EIJuQ==
| X-WBNR-Posting-Host: 207.46.19.168
| From: =?Utf-8?B?R2FyeSBL?= <GaryK@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Duplicating Certificate Templates
| Date: Thu, 10 Apr 2008 07:25:00 -0700
| Lines: 14
| Message-ID: <6CAF34AE-D353-4E9D-A029-107569E3FCAB@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:102432
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi,
|
| I recently tried to configure and duplicate a certificate template on a
| Windows SBS 2003 Server.
|
| It seems there is a limitation and this cannot be done on a Windows 2003
| Standard Server.
|
| Is there any way to work around this since you cannot change the v1
| certificate?
| What we are trying to configure is smart card logon.
|
| Regards
| Gary K
|
