登录
Microsoft.com
 
Microsoft
 
 
 

none
为什么不建议将证书服务安装在域控服务器上? RRS feed

 > 

答案

  • Question
    登录进行投票
    0
    登录进行投票

    Depending on your Active Directory Certificate Services deployment scenario, you might encounter the following situations:

    • After you install a Certificate Authority on a Domain Controller, the Domain Controller can no longer be renamed or demoted.
    • Switching to an Enterprise Root Authority (for v3 templates) from a Standard Root Authority requires reinstallation of Windows Server. Reinstallation of Domain Controllers is not to be taken lightly.
    • Upgrading the Certificate Authority requires upgrading the Active Directory Domain Controller and thus Active Directory Schema.
    • You cannot deploy an offline root Certificate Authority on a Domain Controller (and keep it offline for a period longer than the default tombstone lifetime)
    • It is unadvisable to deploy an Internet-facing Certificate Authority of Online Responder on a Domain Controller. This is a serious security risk.
    2013年4月11日 9:58
    |

全部回复

  • Question
    登录进行投票
    0
    登录进行投票

    Depending on your Active Directory Certificate Services deployment scenario, you might encounter the following situations:

    • After you install a Certificate Authority on a Domain Controller, the Domain Controller can no longer be renamed or demoted.
    • Switching to an Enterprise Root Authority (for v3 templates) from a Standard Root Authority requires reinstallation of Windows Server. Reinstallation of Domain Controllers is not to be taken lightly.
    • Upgrading the Certificate Authority requires upgrading the Active Directory Domain Controller and thus Active Directory Schema.
    • You cannot deploy an offline root Certificate Authority on a Domain Controller (and keep it offline for a period longer than the default tombstone lifetime)
    • It is unadvisable to deploy an Internet-facing Certificate Authority of Online Responder on a Domain Controller. This is a serious security risk.
    2013年4月11日 9:58
    |
  • Question
    登录进行投票
    0
    登录进行投票
    其实也还好 ,也么有绝对的

    技术超级500人群:66140619 第三波(Acer)上海分公司招聘技术工程师: ------------------------------------- 熟悉一门或者多门微软技术、个性鲜明并能够主动处理问题,客户沟通能力良好! 一年14薪左右、年度TechED(依据实际表现),免费参加微软各类技术培训。 工作职责:提供客户 Daily Support & On-site support,与技术主管及Partner合作达成项目工总目标! 详情加群交流!

    2013年4月11日 23:37
    |
    版主