Top Security Solutions from Microsoft Support

Top Security Solutions from Microsoft Supporthttp://support.microsoft.com/ph/1163The latest support information about Security Solutions from Microsoft Product Support Services. Expired Certficate Revocation List (CRL) causes certificate failure during SmartCard logonhttp://blogs.technet.com/b/instan/archive/2008/12/08/requiring-smart-cards-for-logon-avoiding-the-outage-caused-by-expired-crl-s.aspx#phrssAuthentication and AuthorizationYou receive a "Logon failure" message when you use a smart card on a Windows Server-based computer. How to configure Security Auditinghttp://technet.microsoft.com/en-us/library/dd408940(WS.10).aspx#phrssAuthentication and AuthorizationThis step-by-step guide demonstrates the process of setting up an advanced Windows 7 and Windows Server 2008 R2 security auditing policy infrastructure. How to use LDAP over SSL (LDAPS)http://social.technet.microsoft.com/wiki/contents/articles/2980.aspx#phrssPublic Key Infrastructure (PKI)By default, LDAP communications between client and server applications are not encrypted. If your organizational security policies specify that LDAP communications between client and server computers should be encrypted., this blog post provides the steps to enable LDAP over SSL. Certificate enrollment fails with error "No template could be found. There are no CAs from which you have permission to request a certificate, or an error occurred while accessing the Active Directory"http://technet.microsoft.com/en-us/library/cc731429(WS.10).aspx#BKMK_5#phrssPublic Key Infrastructure (PKI) How To Configure Bitlocker backup in Active Directoryhttp://technet.microsoft.com/en-us/library/cc766015(WS.10).aspx#phrssBitlockerThis document describes how to configure Active Directory® to back up recovery information for Windows® BitLocker™ Drive Encryption (BitLocker) and the Trusted Platform Module (TPM). "Recovery policy configured for this system contains invalid recovery certificate" or "ERROR_BAD_RECOVERY_POLICY" error when encrypting a filehttp://technet.microsoft.com/en-us/library/cc738530(WS.10).aspx#BKMK_2#phrssAuthentication and AuthorizationThe Encrypting File System (EFS) recovery policy that is implemented on this computer contains one or more EFS recovery agent certificates that have expired. This TechNet troubleshooting article describes the issue and solution. Best Practices for Certificate Authority (CA) and Public Key Infrastructure PKI implementationhttp://www.microsoft.com/downloads/en/details.aspx?familyid=6F319FFA-739E-4FE8-BAC3-92547BAEF7A9#phrssPublic Key Infrastructure (PKI)This document provides guidance for the planning and implementation of a Microsoft Windows Server 2008 and Windows Server 2008 R2 public key infrastructure (PKI) using Suite B compliant cryptographic algorithms. Events 1925, 1006, 1645, 1055, 40961 on a Windows Server 2008-based domain controller or error message: "No authority could be contacted for authentication" when you use Remote Desktop Connectionhttp://support.microsoft.com/kb/939820#phrssAuthentication and Authorization Unable to logon with Event ID 11, duplicate Service Principal Name registered for clienthttp://technet.microsoft.com/en-us/library/cc733945(WS.10).aspx#phrssAuthentication and Authorization How to Request a Certificate with a Custom Subject Alternative Namehttp://technet.microsoft.com/en-us/library/ff625722(WS.10).aspx#phrssAuthentication and AuthorizationThis guide describes security best practices for allowing custom SANs in certificates and provides procedures that can be used to request a certificate with a SAN. KDC Event ID 16 or 27 is logged if DES for Kerberos is disabledhttp://support.microsoft.com/kb/977321#phrssAuthentication and AuthorizationIn Windows 7 and in Windows Server 2008 R2, the Data Encryption Standard (DES) encryption types for Kerberos are disabled by default. This article will help you determine if you need DES encryption in your environment and, if so, how to enable it.