Yesterday I published another version of my PowerShell PKI module.

Reached milestone

At first, I want to announce an important notice about this release. This release is the latest release that is compiled (underlying API in PKI.Core.dll) under .NET Framework 2.0. Next release will require .NET Framework 4.0, because I want to get rid of some internal helpers and replace them with LINQ expressions, also I’d like to utilize new features in .NET 4.0 itself.

In addition, this release is the latest release that respects certification authorities that run on Windows Server 2003-based computers. New commands (which will be added in future releases) will not guarantee Windows Server 2003 support.

Existing changes

The following changes are made in existing commands (without breaking their behavior or syntax):

Yesterday I released another version of PS Cmdlet Help Editor. It is minor update, which resolves several issues (not very critical), internal code redesign and added support for PowerShell 4.0.

Two notable updates were made in this release:

1) Support Information tab

in this tab you can specify basic requirements and platforms your module supports. When you save help file, support information (if it is enabled in the settings), this support information is saved in the same folder with the following naming format: <ModuleName>.supports.xml. And when you load your module next time, the editor attempts to find appropriate file to fill this tab.

Many of you use IIS web servers in corporate network for various purposes, for example, to host internal/external web site, ADCS web services, OCSP, WSUS and this list is very long. It is common to manage them all from a centralized place, for example, from web server administrator’s computer. In other words, IIS servers are not managed directly from console.

The problem

By default IIS do not allow remote administration, you have to enable it by starting (and, likely, setting start type to Automatic) Web Management Service (WMSVC). Ok, you started the service on a web server and attempt to connect to the server from remote IIS management console:

In this article I will show the techniques used to determine effective permissions for a user or computer account on a certificate template.

The problem

When you open certificate template in Certificate Templates MMC snap-in (certtmpl.msc) or in ADSI Editor (adsiedit.msc) and switch to Security tab, you will see the following:

When you click Advanced button, you won’t see Effective Permissions tab like in NTFS permission editor:

Hello, everyone! Today I’m feeling good as Flyers eventually managed more than 2 goals per game and Lecavalier set up a hat-trick against Isles. Big WIN! So, I’ll continue Certification Authority backup API coverage and usage in PowerShell.

In the previous post we learned what functions are used for CA backup, their sequence and ended with CA database location retrieval. Today we will continue the backup process and today’s post will cover:

• Database backup
• Identification of log files to be backed up
• Log file backup
• CA Configuration backup
• CA key backup

  Database file backup

  Let’s move forward. We have a $DBPaths variable that holds CA database location. Note that database location is specified in an UNC form (\\serverNameFQDN\C$\Windows\CertLog, for example). We need to pass this path to three functions: