deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #10262 from VLG17/patch-151

Browse Source 
add info
This commit is contained in:
Tina Burden 2022-01-26 10:33:48 -08:00 committed by GitHub
commit 18b43f185a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
View File

@ -55,15 +55,17 @@ Windows Hello for Business must have a public key infrastructure regardless of t
This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later.
For more details about configuring a Windows enterprise public key infrastructure and installing Active Directory Certificate Services, see [Follow the Windows Hello for Business hybrid key trust deployment guide](/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki#follow-the-windows-hello-for-business-hybrid-key-trust-deployment-guide) and [Install the Certification Authority](/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority).
> [!NOTE]
> Never install a certificate authority on a domain controller in a production environment.
### Lab-based public key infrastructure ### Lab-based public key infrastructure
The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment. The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment.
Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed.
>[!NOTE]
>Never install a certificate authority on a domain controller in a production environment.
1. Open an elevated Windows PowerShell prompt. 1. Open an elevated Windows PowerShell prompt.
2. Use the following command to install the Active Directory Certificate Services role. 2. Use the following command to install the Active Directory Certificate Services role.
```PowerShell ```PowerShell
@ -148,4 +150,4 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation
3. New Installation Baseline (*You are here*) 3. New Installation Baseline (*You are here*)
4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md)
6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) 6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)