1
00:00:07,760 --> 00:00:16,220
After you deploy see you should perform several tasks to configure it and to manage it properly later.

2
00:00:16,280 --> 00:00:21,860
SC is a very important service so you should manage it carefully.

3
00:00:22,040 --> 00:00:30,770
After deploying SCA hierarchy you should verify the safe security configuration to ensure which users

4
00:00:30,770 --> 00:00:35,850
and groups are allowed to perform administrative tasks on that.

5
00:00:37,040 --> 00:00:45,140
Additionally it is important that you configure log in and monitor and options for receipt so that you

6
00:00:45,380 --> 00:00:50,370
look or all important tasks and activities you can configure.

7
00:00:50,450 --> 00:01:00,870
The most common see management options if you use the certification authority counsel however you also

8
00:01:00,870 --> 00:01:10,320
can use Windows power shell and the cert you till come online tool to manage various advanced sea options

9
00:01:10,860 --> 00:01:15,720
and to perform some tasks that are not available in a graphical council.

10
00:01:16,950 --> 00:01:24,060
Now let's review windows power shall come on lads for deploying and administering SC Windows Server

11
00:01:24,090 --> 00:01:33,810
2016 provides several windows power shall come on lads for ADC as deployment and administration and

12
00:01:33,840 --> 00:01:44,160
Windows Server at the ADC as deployment and ADC s administration windows power shall modules are available

13
00:01:44,160 --> 00:01:54,020
to deploy and administer CS if you have already installed their adc s binaries you can import their

14
00:01:54,020 --> 00:01:59,690
modules for use in Windows power shell by Iran and the following commands.

15
00:01:59,690 --> 00:02:11,140
Import module ADC of deployment and import module ADC as administration if you want to see all of the

16
00:02:11,230 --> 00:02:12,100
available.

17
00:02:12,100 --> 00:02:16,450
Come on lads for received deployment and administration.

18
00:02:16,450 --> 00:02:21,760
You can run the following command and Windows power shall get command.

19
00:02:21,760 --> 00:02:31,450
This module a DC s asterisk the following list describes some of the common class for C administration.

20
00:02:31,450 --> 00:02:35,700
You can use a DCA template command loud.

21
00:02:35,740 --> 00:02:47,430
This adds a certificate template to the C and other command letters add c c to your distribution point.

22
00:02:47,440 --> 00:02:57,010
This will add to their CTP uniform resource identifier or you are right where the C publishes certification

23
00:02:57,020 --> 00:03:05,090
revocations and other command letters at C authority information access.

24
00:03:05,180 --> 00:03:14,870
This configure is a or or CSP your arise on the C get C template.

25
00:03:14,870 --> 00:03:24,080
This gets the list of templates set on the C for issuance of certificates gets a city or distribution

26
00:03:24,080 --> 00:03:33,830
point will get all the locations set on SDP extension of the C properties get C authority information

27
00:03:33,920 --> 00:03:44,540
access will get the FIA and or CSP your array information that is set on the ay a extension of the C

28
00:03:44,540 --> 00:03:46,310
properties.

29
00:03:46,310 --> 00:03:55,010
We have also removed C template remove C is it or distribution point and remove C authority information

30
00:03:55,010 --> 00:03:56,050
access.

31
00:03:56,120 --> 00:04:09,700
This will remove templates from C remove the your right and remove a or or all as O CSP your rights

32
00:04:11,510 --> 00:04:15,360
for additional information you can refer to.

33
00:04:15,380 --> 00:04:17,300
This links.

34
00:04:17,390 --> 00:04:19,550
As for ADC as deployment.

35
00:04:19,550 --> 00:04:23,510
Come on lets and Windows power shall and a DC US administration.

36
00:04:23,510 --> 00:04:25,800
Come on let's say on Windows power shall.

37
00:04:26,680 --> 00:04:35,680
Now let's have some words about using search you tool to administer SCA while Windows power shell does

38
00:04:35,680 --> 00:04:43,410
not provide full ADC as management server to your till provides full management capability server to

39
00:04:43,410 --> 00:04:52,290
tool that exceed the command line tool that installs as part of ADC s search you still can display C

40
00:04:52,280 --> 00:05:02,730
configuration information and configure ADC as and backup and to restore C components and verifies certificates

41
00:05:02,930 --> 00:05:11,190
key pair RSM certificate change for currency configuration and management tasks you do not have to use

42
00:05:11,490 --> 00:05:12,940
search you till.

43
00:05:13,090 --> 00:05:19,810
However for more advanced tasks searching tool might be your only choice.

44
00:05:19,830 --> 00:05:27,450
For example if you want to review all configuration sets for the CIA you can do it by issuing the following

45
00:05:27,450 --> 00:05:28,390
commands.

46
00:05:28,450 --> 00:05:37,020
Sorry to steal this dump or search to till death Get Rich or a search tool does get rich.

47
00:05:37,200 --> 00:05:43,770
CIA this comment provides much more information about your AC configuration.

48
00:05:43,770 --> 00:05:52,650
This includes the type of information that is said by C policy dot Ian for after the installation by

49
00:05:52,650 --> 00:05:55,190
running post configuration scripts.

50
00:05:55,380 --> 00:06:00,710
You cannot access all the information by using this certification authority.

51
00:06:00,710 --> 00:06:11,640
Council only now to view the contents of the a container in a d d s for a domain named a data dot com.

52
00:06:11,660 --> 00:06:23,660
We can rather follow and command sir to tilt their view store and the following description we will

53
00:06:23,700 --> 00:06:32,470
get the information from L. derp where CNN equals two public key services.

54
00:06:33,570 --> 00:06:47,810
Sound equals to a service as Fiona calls to configuration DC equals to a datum and certification base.

55
00:06:47,840 --> 00:06:52,090
Now some verse about management picky Iowa's group policy.

56
00:06:52,820 --> 00:07:01,010
After your picture is in place you will need to turn to a group policy to automate distribution and

57
00:07:01,010 --> 00:07:03,590
to set configuration options.

58
00:07:03,590 --> 00:07:11,960
You can use group policy for the following areas that relate to ADC as you can use it for credential

59
00:07:11,960 --> 00:07:12,800
Roman.

60
00:07:12,800 --> 00:07:21,170
This will enable users to maintain their certificates with HDD sales across multiple computers.

61
00:07:21,170 --> 00:07:30,110
This also removes the requirement to manage multiple client certificates and private keys across multiple

62
00:07:30,110 --> 00:07:33,430
client workstations for a single user.

63
00:07:34,980 --> 00:07:44,170
Another area is auto enrolment of certificates This simplifies the issuance of certificates by enabling

64
00:07:44,170 --> 00:07:50,070
client computers to request and renew certificates automatically.

65
00:07:51,010 --> 00:07:59,740
Auto enrolment requires an enterprise C and the use of group policy to enable the computer or some users

66
00:07:59,740 --> 00:08:09,430
in Europe aided EA's environment for auto enrolment and other area is certificate pass validation with

67
00:08:09,630 --> 00:08:18,710
certificate based validation you can manage certificates that are used for code sign in deployment subordinate

68
00:08:18,720 --> 00:08:28,440
C certificates block and certificates that are not trusted and configuring retrieval Saturns for certificates

69
00:08:28,440 --> 00:08:29,560
and CRL.

70
00:08:30,510 --> 00:08:42,370
And the last area of work where you can use group policy that relate to ADC SS certificate distribution.

71
00:08:42,630 --> 00:08:51,180
Typically you use group policy for the automated distribution of certificates or to specify a sentence

72
00:08:51,270 --> 00:08:54,970
that relate to enrollment.

73
00:08:54,990 --> 00:08:59,640
Next up you'll be talking about configuring CS security.

74
00:08:59,640 --> 00:09:00,460
I'll see you there.