Why This Chapter Matters

Encryption is a tremendously powerful security tool, providing authentication and high levels of privacy and data integrity that would otherwise be impossible. For encryption to be useful in an enterprise, you must deploy a public key infrastructure (PKI). Microsoft Windows Server 2003 implements PKI functionality in Certificate Services. As a security administrator, you need to be able to build a PKI infrastructure to suit the needs of organizations ranging from small businesses to enterprises.

Deploying the infrastructure is only the beginning, however. You also need to make the deployment of certificates to end users an easy and straightforward task. Ideally, you will deploy certificates with no user interaction whatsoever. You will also need to be able to save the day when users lose their private keys by recovering the private key and restoring their access to encrypted data.

Before You Begin

If you fulfilled the requirements for the previous chapters, you already have the necessary hardware configured. At a minimum, however, you will need to change the domain membership of Computer2. To do the practices, examples, and lab exercises in this chapter, you must have:

• A private network that is connected to the Internet and protected by a firewall. This network should include only computers that you are using to complete the exercises in this chapter; it specifically must not have any production computers connected to it.

• Two computers. Perform a Windows Server 2003 installation with default settings on both computers. Assign the computer name Computer1 to the first computer. Add the Domain Controller role to the computer using the default settings, and specify the domain name cohowinery.com. Configure the computer to use itself as its own primary Domain Name System (DNS) server. Assign the computer name Computer2 to the second computer. Configure the computer to use Computer1 as its primary DNS server. Then join it to the cohowinery.com domain, and add the Domain Controller role.