FIM CM 2010 – Sommarkollo 2011 @ MS Sweden
Tack för en bra diskussion hos Microsoft i Kista under FIM CM sommarkollo 2011
Inspelningen av del 1 :
Ladda ner ADCS powershell skriptet adcs_install.ps1
Ladda ner presenationen för FIM CM Sommarkollo
Tack för en bra diskussion hos Microsoft i Kista under FIM CM sommarkollo 2011
Inspelningen av del 1 :
Ladda ner ADCS powershell skriptet adcs_install.ps1
Ladda ner presenationen för FIM CM Sommarkollo
Want to take an early look at the next version of the Security Compliance Manager (SCM) 2 tool? In this three-part screencast series with Sr. IT pro Evangelist Matt Hester, he takes you on a quick tour of the tool’s features and benefits, including new features in SCM 2 like GPO import, baseline setting customization, local GPO functionality, an enhanced user interface, and an improved installation experience.Check out these new screencasts!
New SCM 2 features include:
Version 2 of the SCM tool will release with a full complement of Microsoft product baselines, including these new and/or updated baselines:
————————————————————————————————————-
In more detail
Microsoft Security Compliance Manager (SCM) 2 provides security and compliance configuration recommendations from Microsoft, centralized baseline management features, a baseline portfolio, customization capabilities, and security and compliance baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft products and technologies. The formerly stand-alone product-specific security guides are now included in the SCM tool.
Version 2 of the SCM tool releases with a full complement of Microsoft security and compliance baselines, including a new Windows Internet Explorer 9 Security Baseline, and updated baseline versions for Windows Server 2008 R2 SP1, Windows Server 2008 SP2, and Windows Server 2003 SP2.
These new beta baselines provide:
Additional product baselines are currently in development, including baselines for: Windows 7 SP1, Microsoft Exchange Server 2007, Exchange Server 2010, SQL Server 2008 and SQL Server 2008 R2 (multiple roles), Office 2010, Windows Vista SP2, Windows XP SP3, and Windows Internet Explorer 8.
To learn more about the Security Compliance Manager tool, visit the TechNet Library.
It is pretty straight forward to configure SSL Client Certificate Authentication in UAG, just follow the steps in the online guide at http://technet.microsoft.com/en-us/library/ee861163.aspx and you should be able to run in almost no time except for an issue that occurs whenever your logon name and common name does not match!
An authentication error will occur with the error message in UAG telling that the user account does not have the expected cn, upn or email value that has been extracted from the users SSL authentication certificate at the time of logon. Looking at the certificate all values of cn, upn and email shows a 100% match of the same values on the user account!
Looking at the cert auth scripts in UAG we can see that UAG is using the value of the common name of the certificate subject as the user_name. The user_name is then used to obtain information from Active Directory regarding that user account. And this is where the error occurs, the matching for the username is simply wrong.
To correct this you can obtain the UPN value from the client certificate in the certificate validation script and use that value to obtain the user logon name by simply splitting at the @ sign.
Download the UAG customupdate-cert scripts and make sure to change the authserver01 key word to the name of your authentication repository.
/Hasain