Posted on

Custom Templates, Server 2008 R2 CA Web Enrollment

Usually the issue is one or a combination of the following things below:

1) In certificate template Subject tab wasn’t switched to Supply in request.

2) The enrollment permissions on the certificate are incorrect.

3) The Template was created for a 2008 R2 CA, but the forest level is still on 2003. A 2008 Cert Template can only be selected if the CA is on a 2008 R2 Server, AND the forest level is at 2008 R2.

4) IE was not opened with elevated creds, even if logged in as a domain admin account, right click IE > run as Admin.

5) Last but not least, You have to add the template to the CA to allow it to be issued.
Open Certification Authority MMC snap-in, select Certificate Templates node. In the Action menu, select New and Certificate Template To Issue.

Enjoy signing certificates on your enterprise CA!

Jan 2018 Update

Even I’m not sure what the heck this post was about, but if my memory serves me correctly, it’s when you attempt to use a particular Certificate template in either the MMC snap-in or the CA’s web portal and find the certificate is not available from the drop down menu to be selected.

Kinda wish i would have referenced some of these claims, but I’ll take my own word for it. Haha 🙂

Posted on

Copying Outlook 2013 Signatures

Using Windows Easy Transfer is amazing tool for when you want to move all your profile settings and personal files from your old system to your new one.
But like everything it’s not perfect, for instance you can’t go from 64 bit – 32 bit (Who would want to…)
You can’t go from WIndows 7 to Windows 8 (Yes it’ll copy your files but not your settings, should be expected, and only via USB HDD)

and one pet pieve that it doesn’t copy over Outlook sugnatures given its located under a user profile directory (C:\Users on Vista and up versions)

Now copy the files from %APPDATA%\Microsoft\Signatures (%APPDATA% is C:\Users\useraccount\appdata\roaming)
Not to be confused with %localappdata% which is C:\users\useraccount\appdata\local

Since these files are hidden system files I suggest to use xcopy with the /i /e /h options.
You can also adjust Windows explorer folder view settings to show hidden and system files.

Once these Files have been copied to the destination machine with the same user at the same directory,
simply reopen outlook and check your signatures! Boom, they are back baby!

Jan 2018 Update Notes

First off, WET is no longer a thing. I will admit I am very sad to see it go, as a systems administrator it was a thing of beauty and made my life a breeze. Sadly now Microsoft has out sourced this to a partner company “Laplink’s PCmover Express“, and even worse it’s a paid product. I personally think its rubbish, you’d be better off updating/upgrading your software manually and simply moving any associated files with that application manually.

Secondly, You’ll notice the use of Environment Variables. Learn em, use em they are a vital tool to management specially with non-default directories or system drives.

Posted on

Full Remote Admin in Windows Domain

As an Windows Server administrator, you may find yourself wanting to run some commands or do some tasks on an end users system.
Theres an awesome tool package on MS site called sysinternals, developed by an awesome guy named Mark.
However, I was having issues accessing UNC paths until I provided the options for the admin creds,
even though the cmd prompt that was running the psexec command was already elevated with the same creds.
Then I was having issues accesses local system files until I discovered the -h option.

To have full CMD on remote systems:
“psexec \\remotesystem -u domain/adminaccount -p passowrd -h cmd”

The -h is important as it pushes for an elevated token on Vista+ systems.

XCopy source destination /e /i /h (Copy all hidden and system files for profile use)

/e copy directories and subdirectories, including empty ones

/i assums directory on destination if copy more than one file and does not exist

/h copy hidden and system files

Now you can move all your Firefox settings, IE settings, and more remotely!

Jan 2018 Update

Use Robocopy, or better yet; PowerShell, instead of xcopy.