lookin to build a server to issue certs for a small business. what is the difference between these two edditions standard vs enterprise. what is the benefit of enterprise edition over standard.

probably you are talking about Standalone? Take a look here: http://technet.microsoft.com/en-us/library/cc740257(WS.10).aspx if you want to integrate CA with your AD forest, you will want to use Enterprise CA.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com

be careful about the terms "editions of OS" and "versions of CA". Windows Server operating systems comes in Standard and Enterprise editions. However, you can install the certification authority in two favors - the Standalone CA and the Enterprise CA. I would reffer to the Enterprise CA rather by something like an "AD Integrated CA". first the difference between the AD Integrated Enterprise CA and the Standalone CA. With the standalone CA, you need to upload the requests manually either from a .REQ file or through the obsolete web enrollment pages. With the Enteprise AD Integrated CA, you can configure your clients to Autoenroll for the certificates so that you have them enroll for the certificates automatically without you going to each other. Or you can enable an online enrollment when you use GUI console to request certificates under a domain user account and do not bother with the .REQ file transport. The AD Integrated Enterprise CA also offers an automatic approval, so that it issues the certificates automatically based on some certification policies defined on Certificate Templates, while the Standalone CA requires every certificate request to be manually approved by a CA admin. Now to the operating systems. With Windows Server 2008 R2 the editions have minor differences. The CA on the Enterprise OS Edition offeres OCSP and NDES protocol support which is not too necessary for most intranet environments, although may be useful. It also offers the Key Recovery Agent feature which would allow you to backup private keys for the issued certificates on the authority - this is also seldom used in intranet deployments unless you use the certficites for data encryption - transport encryption such as SSL or smart card logon do not require the private keys to be backed up, because they are just signing keys. ondrej.