MCSE 2008 Apply Updates at Low-Usage Times for enterprise-based CAs

Certificates can be enrolled in several ways: web enrollment, the Certificates MMC, the command line, and autoenrollment.

The primary way to interface with a server and obtain a certificate manually is through a web browser. Using this method, you can use either a stand-alone or an enterprise CA to obtain almost any type of certificate. However, web enrollment does not support certificate templates, so all the information regarding the certificate must be provided by the user.

Using the command certreq.exe, you can manually create, manage, and retrieve certificates. Additionally, certreq.exe will allow you to map the CA policy to a set of policy restraints.
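A manual certreq.exe request cycle (create, submit, accept), shown as an added example that is not part of the original text. The host name, CA configuration string, template name and file names are placeholders chosen for illustration.

```powershell
# Added example. All names below (web01.example.test, the CA config string,
# the WebServer template, file names) are constructed placeholders.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=web01.example.test"
KeyLength = 2048
KeySpec = 1                ; AT_KEYEXCHANGE
Exportable = FALSE         ; private key cannot be exported from this machine
MachineKeySet = TRUE       ; key lives in the computer store, not a user profile
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
KeyUsage = 0xa0            ; digitalSignature + keyEncipherment

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1    ; Server Authentication

[RequestAttributes]
CertificateTemplate = WebServer   ; enterprise CA only; remove for a stand-alone CA
'@
Set-Content -Path .\request.inf -Value $inf -Encoding ASCII

# 1. Create the key pair locally and write a PKCS#10 request.
certreq.exe -new .\request.inf .\request.req
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed" }

# 2. Submit the request to the CA ("CAHostName\CAName").
certreq.exe -submit -config 'ca01.example.test\Example-Issuing-CA' .\request.req .\web01.cer
if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed or request is pending" }

# 3. Install the issued certificate and bind it to the pending private key.
certreq.exe -accept .\web01.cer
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed" }

# Check: the certificate is in the machine store and has its private key.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq 'CN=web01.example.test' } |
    Select-Object Subject, NotAfter, HasPrivateKey
```

Run it from an elevated prompt, because MachineKeySet = TRUE writes to the computer store. The private key is generated on the requesting machine and only the request file is sent to the CA.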

Using the new Certificate Request Wizard, you can use the Certificates MMC to enroll a device with a certificate. Primarily, this method is used to set up computers and local devices for certificates, such as a computer, user, or server.

The preferred method for modern infrastructures needing certificates is to use Microsoft Windows autoenrollment, available in Windows XP, Vista, Server 2003, and Server 2008. With autoenrollment, you can enroll smart card, EFS, and SSL certificates, and you can even manage S/MIME certificates for email and other applications. Additionally, you can use Group Policy to manage autoenrollment for specific network devices and users.

Whenever a user is configured with the ability to issue smart card certificates on behalf of users, that user is referred to as an enrollment agent. Through the use of an enrollment agent certificate, the user is able to distribute certificates. These users are usually part of the security infrastructure and help relieve some of the burden upon senior IT staff in the distribution of certificates.

Within Windows Server 2008, Microsoft has provided a new feature for enterprise-based CAs called restricted enrollment agents. With restricted enrollment agents, administrators are able to pick users or security groups and give these groups the ability to enroll other security groups or users. This is particularly useful, because previously Windows Server wasn't able to specify a user or group of users.

For the 70-647 exam, you need to know what a restricted enrollment agent is and that you should have as few as possible to optimize performance on your CA. Furthermore, your organization must be using version 3 certificates. You should also note that restricted enrollment agents cannot be used with Active Directory containers such as OUs, but only with users and groups.
