
Operating System Roles That Can Use Certificate Services



In addition to using the CA-specific roles, you can use several operating system roles to strengthen the role-based security model for certificate services. The roles either exist as default groups or can be created as custom groups that have been granted specific user rights and permissions. Operating system roles are:

Backup Operator: Has the backup files and directories right and the restore files and directories right. Backup operators can also stop the Certificate Service (but they cannot start it again).

Auditor: Has the manage auditing and security log permission. Users with this permission can configure, view, and maintain the audit logs. The role of auditor should be held by someone outside of normal IT operations as well as by IT employees.


Enrollees: Have the authority to request certificates from the CA. By default, the Enroll permission is granted to Authenticated Users. This can be changed by granting the Enroll permission to some other built-in or custom group or groups and removing the permission from Authenticated Users. Note that Enrollees are authorized to request certificates. Certificate requests can be refused. If certificates are manually accepted, each request can be reviewed and either granted or denied. If certificates are automatically issued, permissions on certificate templates should be used to restrict issuance to authorized security principals.

Administrator: Has full control by default. If separation of roles is enabled, the Administrator retains the right to renew CA keys and certificates, and to perform bulk deletion of rows in the CA database.
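The Enrollees entry above says to move Enroll off Authenticated Users and to restrict issuance through template permissions. The following is an added example, not part of the original article: a Python check over exported template security descriptors (SDDL) that reports templates where a broad group can enroll. The template names, the group SID and the ACLs are constructed sample data, and the list of groups treated as broad is an assumption of the example.

```python
import re

# Certificate-Enrollment extended right: the "Enroll" permission on a template.
ENROLL_GUID = "0e10c968-78fb-11d2-90d4-00c04f79dc55"
# SDDL aliases of groups that cover (nearly) every principal in a domain.
BROAD = {"AU": "Authenticated Users", "WD": "Everyone",
         "DU": "Domain Users", "DC": "Domain Computers"}

def grants_enroll(ace_type, rights, guid):
    """True if an allow ACE carries control-access (CR) that covers Enroll."""
    if rights.lower().startswith("0x"):          # numeric access mask
        mask = int(rights, 16)
        control = bool(mask & 0x100 or mask & 0x10000000)   # CR or GENERIC_ALL
    else:                                        # two-letter codes; split in
        codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
        control = bool(codes & {"CR", "GA"})     # pairs so "LCRPRC" is not "CR"
    if not control:
        return False
    # A plain allow ACE, or an object ACE without a GUID, covers every
    # extended right; otherwise the GUID must be Certificate-Enrollment.
    return ace_type == "A" or guid in ("", ENROLL_GUID)

def broad_enroll(templates):
    """Return sorted (template, group) pairs where a broad group can enroll.
    Deny ACEs are not evaluated; audit (SACL) ACEs are skipped by type."""
    found = set()
    for name, sddl in templates.items():
        for body in re.findall(r"\(([^()]*)\)", sddl):
            f = body.split(";")
            if len(f) != 6 or f[0] not in ("A", "OA") or f[5] not in BROAD:
                continue
            if grants_enroll(f[0], f[2], f[3].lower()):
                found.add((name, BROAD[f[5]]))
    return sorted(found)

# Constructed sample data: template names, SIDs and ACLs are made up.
GROUP = "S-1-5-21-1111111111-2222222222-3333333333-1105"
SAMPLE = {
    "WebServer-Constructed":
        f"O:EAG:EAD:PAI(OA;;CR;{ENROLL_GUID};;AU)(A;;LCRPRC;;;AU)",
    "SmartcardLogon-Constructed":
        f"O:EAG:EAD:PAI(OA;;CR;{ENROLL_GUID};;{GROUP})(A;;LCRPRC;;;AU)"
        f"S:(OU;SA;CR;{ENROLL_GUID};;WD)",
    "LegacyUser-Constructed": "O:EAG:EAD:PAI(A;;0x20194;;;DU)",
}

if __name__ == "__main__":
    for template, group in broad_enroll(SAMPLE):
        print(f"{template}: Enroll granted to {group}")
```

A template that is reported here and is also set to issue automatically is the case the entry warns about: any member of the broad group can obtain that certificate without review.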


By default, all CA roles are assigned to Administrators of the CA computer. Enterprise CAs are always domain member computers and thus can be managed by members of the local Administrators group of the CA computer, the Enterprise Administrators group, and the Domain Administrators group. Stand-alone CAs are managed by Domain Administrators and local Administrators when joined to a domain, and by local Administrators when their systems are stand-alone. CA-specific roles are assigned to groups or users (local or domain, depending on computer domain membership) by using the Certification Authority console. Operating system roles are assigned in the usual manner, by using Active Directory Users and Computers in a domain, and Computer Management on a stand-alone system.

The operating system administrator is not the same as the CA Administrator. The computer administrator role might be needed to perform some duties required for the CA, but the assignment of the CA Administrator role does not provide a user with computer Administrator privileges. The CA Administrator role applies only to specific CA-related tasks.

Off the Record: Key archival provides an example of how the role separation between CA Administrator and Certificate Manager provides separation of duties. When key archival is used, the copy of the private key is encrypted and the key "blob" (the encrypted key) is stored in the CA database. Only the Certificate Manager can retrieve this blob, but only the valid Key Recovery Agent can decrypt the key data. The Key Recovery Agent role is not a CA administrative role, but it is important to proper CA functioning. The Key Recovery Agent cannot, on his own, retrieve user keys and decrypt them. The Certificate Manager can retrieve the key blob but cannot decrypt it. Thus neither, on his own, can obtain and use private keys that belong to others. One would have to be in cahoots with the other, a situation that is not likely to happen.

by: endeavor03