Hi everyone,
I need to complete the justify for what reason we need a Certification Authority on the organization, so I need you help to answer these questions:
1. For what reason we need install a Certification Authority on the organization?
2. What I win with that?
3. What security issues cover with it?
4. I all ready need to provide user and computer certificates to validate they identity?, does the domain account not cover that?.
I hope found the right answer for these questions!!!

Need to support users over the internet? click here try our remote control online beta

Hello,
1. if you have to fullfill security in the domain, network, on servers or machines for example then certificates are an option. Also Smartcards to have secondary authentication in addition to the user/password combination.
2. security, as the certificates and user/machine/smartcard work together and without the certificate it is much more difficult to get into the domain or machines.
3. unwanted access to machines/websites/gateways etc.
4. a single user account is used for authentication with a password depending on the domain password policy, that is not really much and often users store there passwords on open, unsafe locations.
But i think there are still more options and opinions here. The best forum to ask about is the security forum


http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest
regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog:
http://msmvps.com/blogs/mweber/


Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

There is an amazing pack of free network admin tools. click here to download it

Hello,
1. if you have to fullfill security in the domain, network, on servers or machines for example then certificates are an option. Also Smartcards to have secondary authentication in addition to the user/password combination.
2. security, as the certificates and user/machine/smartcard work together and without the certificate it is much more difficult to get into the domain or machines.
3. unwanted access to machines/websites/gateways etc.
4. a single user account is used for authentication with a password depending on the domain password policy, that is not really much and often users store there passwords on open, unsafe locations.
But i think there are still more options and opinions here. The best forum to ask about is the security forum


http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest
regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog:
http://msmvps.com/blogs/mweber/


Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Need to support users over the internet? click here try our remote control online beta