Question of the Day

Irish Man

Hey Guys,

I have another question that I have come across in the MSPRESS book that I need some help with. Whats the best method of resolving this question.

Cheers
Colin

You are the network administrator for APMG.com. The network contains a
Windows Server 2003 computer that runs Certificate Services in a stand-alone
configuration and serves as a certification authority (CA). Users use the Web-based
Certificate Services interface to request digital certificates.

You need to ensure that only authenticated domain users can access the Web-based
interface. You must not change the way users access other Web-based content on
the same server. You must ensure that user credentials cannot be passed in clear
text across the network.
What should you do?

royal

Configure the certsrv directory in IIS to use Integrated Windows Authentication. In addition to this, ensure that other authentication mechanisms are unchecked such as Basic, Anonymous, etc.. Integrated Windows Authentication uses Kerberos Authentication and NTLM meaning the user's would have to have a domain account to take advantage of these types of authentication mechanisms. If the client connecting supports Kerberos, that has the higher preference. If they do not, then NTLM is used. If you're logged into your computer and used Kerberos to authenticate to the domain, then Kerberos will be used when you are being authenticated for the website.