deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md

Browse Source 
Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
This commit is contained in:
MaratMussabekov
2020-03-30 08:24:44 +05:00
committed by GitHub
parent 8985b4a89e
commit 2f21dc1a50
1 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
View File

@ -159,22 +159,22 @@ Sign-in to an **AD FS Windows Server 2016** computer with _Enterprise Admin_ equ
> [!IMPORTANT]
> If the template was changed successfully, the output of the command will contain old and new values of the template parameters. The new value must contain the **CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY** parameter. Example:
>
> CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=[yourdomain]:WHFBAuthentication
>
> Old Value:
> msPKI-Private-Key-Flag REG_DWORD = 5050080 (84213888)
> CTPRIVATEKEY_FLAG_REQUIRE_SAME_KEY_RENEWAL -- 80 (128)
> CTPRIVATEKEY_FLAG_ATTEST_NONE -- 0
> TEMPLATE_SERVER_VER_WINBLUE<<CTPRIVATEKEY_FLAG_SERVERVERSION_SHIFT -- 50000 (327680)
> TEMPLATE_CLIENT_VER_WINBLUE<<CTPRIVATEKEY_FLAG_CLIENTVERSION_SHIFT -- 5000000 (83886080)
> New Value:
> msPKI-Private-Key-Flag REG_DWORD = 5250080 (86311040)
> CTPRIVATEKEY_FLAG_REQUIRE_SAME_KEY_RENEWAL -- 80 (128)
> CTPRIVATEKEY_FLAG_ATTEST_NONE -- 0
> TEMPLATE_SERVER_VER_WINBLUE<<CTPRIVATEKEY_FLAG_SERVERVERSION_SHIFT -- 50000 (327680)
> CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY -- 200000 (2097152)
> TEMPLATE_CLIENT_VER_WINBLUE<<CTPRIVATEKEY_FLAG_CLIENTVERSION_SHIFT -- 5000000 (83886080)
> CertUtil: -dsTemplate command completed successfully."
> CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=[yourdomain]:WHFBAuthentication <br>
> <br>
> Old Value: <br>
> msPKI-Private-Key-Flag REG_DWORD = 5050080 (84213888) <br>
> CTPRIVATEKEY_FLAG_REQUIRE_SAME_KEY_RENEWAL -- 80 (128) <br>
> CTPRIVATEKEY_FLAG_ATTEST_NONE -- 0 <br>
> TEMPLATE_SERVER_VER_WINBLUE<<CTPRIVATEKEY_FLAG_SERVERVERSION_SHIFT -- 50000 (327680) <br>
> TEMPLATE_CLIENT_VER_WINBLUE<<CTPRIVATEKEY_FLAG_CLIENTVERSION_SHIFT -- 5000000 (83886080) <br>
> New Value: <br>
> msPKI-Private-Key-Flag REG_DWORD = 5250080 (86311040) <br>
> CTPRIVATEKEY_FLAG_REQUIRE_SAME_KEY_RENEWAL -- 80 (128) <br>
> CTPRIVATEKEY_FLAG_ATTEST_NONE -- 0 <br>
> TEMPLATE_SERVER_VER_WINBLUE<<CTPRIVATEKEY_FLAG_SERVERVERSION_SHIFT -- 50000 (327680) <br>
> CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY -- 200000 (2097152) <br>
> TEMPLATE_CLIENT_VER_WINBLUE<<CTPRIVATEKEY_FLAG_CLIENTVERSION_SHIFT -- 5000000 (83886080) <br>
> CertUtil: -dsTemplate command completed successfully." <br>
## Publish Templates