Merged PR 11372: Fall Documentation Update for Ignite and for 1809 feature

Includes a variety of fixes and new content based on customer request.
Mike Stephens
2018-09-17 23:43:25 +00:00
committed by Dani Halfin
parent f173bcad43
commit 804a8d2899
182 changed files with 3161 additions and 732 deletions

@ -8,15 +8,16 @@ ms.sitesec: library
ms.pagetype: security, mobile
author: mikestephens-MS
ms.author: mstephen
ms.localizationpriority: medium
ms.date: 10/10/2017
localizationpriority: high
ms.date: 08/19/2018
---
# Validate and Configure Public Key Infrastructure
**Applies to**
- Windows 10
- Windows 10, version 1703 or later
- On-premises deployment
- Key trust
> This guide only applies to Windows 10, version 1703 or higher.
Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller.
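Review bot: In the metadata block, `localizationpriority: high` has lost the `ms.` prefix that `ms.localizationpriority: medium` and the neighbouring keys (`ms.pagetype`, `ms.author`, `ms.date`) all carry, so the new value may not be read as the same field; suggest `ms.localizationpriority: high`. In the Applies to section, if the quoted line "This guide only applies to Windows 10, version 1703 or higher" is kept, it restates the new "Windows 10, version 1703 or later" bullet with different wording ("higher" against "later"); keep one of the two, or make the wording match.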
@ -60,7 +61,7 @@ Sign-in to a certificate authority or management workstations with _Domain Admin
1. Open the **Certificate Authority** management console.
2. Right-click **Certificate Templates** and click **Manage**.
3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**.
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list.
5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprises needs.
**Note**If you use different template names, youll need to remember and substitute these names in different portions of the lab.
6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **None** from the **Subject name format** list. Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items.
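Review bot: In step 4, **Windows 7.Server 2008 R2** looks like a typo for the recipient entry, which the template console shows as "Windows 7 / Server 2008 R2"; a reader following the step literally will not find a matching item in the list. The same step lowers both compatibility settings from Windows Server 2012 / 2012 R2 to 2008 R2 without saying why, and since this template issues the domain controller certificate that the page calls the clients' root of trust, a one-sentence reason would help readers decide whether the lower level is required in their environment. While this block is being edited, the context lines in step 5 could also be tidied: "enterprises needs" and "youll" are missing apostrophes, and `**Note**If` needs a space after the bold label.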