References & Links

(Thanks to David Cross for the links)

Top Whitepapers:

  1. Default Access Control Settings in Windows Server 2003 whitepaper: http://www.microsoft.com/downloads/details.aspx?FamilyId=2A76C348-FE02-4CB7-9B7A-5A0B9964BD9C&displaylang=en

  2. Internal link to PKI landscape, deployments, challenges, topologies, etc. http://winweb/security/pki/Docs/analysts/Burton/public%20key%20infrastructure_770.pdf

  3. List of new XP and 2003 features: http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx

  4. Auto-enrollment whitepaper: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx

  5. Best Practices for implementing Windows Server 2003 PKI: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx   and http://www.microsoft.com/technet/itsolutions/wssra/raguide/Certificate_Services_SB_1.mspx

  6. Microsoft Systems Architecture: http://www.microsoft.com/resources/documentation/msa/2/all/solution/en-us/msa20rak/vmhtm122.mspx

  7. Cross-certification and Qualified subordination whitepaper: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03qswp.mspx

  8. Windows Server 2003 certificate templates whitepaper: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx

  9. Windows Server 2003 key archival and recovery whitepaper: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kyacws03.mspx

Guides:

  1. The Secure Access Using Smart Cards Planning Guide : http://www.microsoft.com/technet/security/topics/networksecurity/securesmartcards/default.mspx

  2. Windows Server 2003 PKI operations and configuration guide: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

  3. Windows Server 2003 PKI management whitepaper: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx

  4. Windows Server 2003 advanced certificate enrollment whitepaper: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx

  5. Windows Server 2003 web enrollment and troubleshooting guide: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx

  6. Troubleshooting Certificate Status and Revocation whitepaper: http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx

  7. IPSEC deployment guide: http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx

  8. MSS wireless guide: http://www.microsoft.com/downloads/details.aspx?FamilyId=CDB639B3-010B-47E7-B234-A27CDA291DAD&displaylang=en

  9. Wireless PEAP guide: http://www.microsoft.com/downloads/details.aspx?FamilyID=60c5d0a1-9820-480e-aa38-63485eca8b9b&displaylang=en

Tutorials and Reference Collection:

  1. Smart Card Mini Driver (a.k.a Card Module) Specification - http://www.microsoft.com/whdc/device/input/smartcard/sc-minidriver.mspx 

  2. Windows Vista SDK - http://www.microsoft.com/downloads/details.aspx?familyid=7614FE22-8A64-4DFB-AA0C-DB53035F40A0&displaylang=en

  3. Windows Vista Cryptography Next Generation (CNG) SDK - http://www.microsoft.com/downloads/details.aspx?FamilyId=1EF399E9-B018-49DB-A98B-0CED7CB8FF6F&displaylang=en

  4. This is the overall link to the PKI Technologies collection, which serves as the umbrella introduction to the Certificates, Certificate Services, and CA Certificate Technical Reference sub-collections :

    1. http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_sec_pki_over.asp

    2. If you want to use links to the individual collections:

      1. CA Certificates: http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_cacrt_Intro.asp

      2. Certificates: http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_certs_intro.asp

      3. Certificate Services: http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_crtsv_intro.asp

    3. EFS is covered in the Data Security collection. The link to the EFS Technical Reference is: http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_efs_Intro.asp

  5. Guidelines for Enabling Smart Card Logon with Third-Party Certification Authorities (Q281245): http://support.microsoft.com/default.aspx?scid=kb;en-us;Q281245

    1. Requirements for Domain Controller Certificates from a Third-Party CA (Q291010): http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291010 
  6. How to Import a Third-Party Certificate into the NTAuth Store (Q295663): http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q295663

    1. Step by Step Guide to Certificate Mapping: http://www.microsoft.com/windows2000/techinfo/planning/security/mappingcerts.asp
  7. How to Enable LDAP over SSL with a Third-Party Certification Authority: http://support.microsoft.com/default.aspx?scid=kb;en-us;321051

  8. Third-Party Certificate Authority Support for Encrypting File System (Q273856 http://support.microsoft.com/default.aspx?scid=kb;en-us;Q273856

  9.  Strong Private Key Protection: http://support.microsoft.com/default.aspx?scid=kb;en-us;320828

  10. Enrollment Samples:http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dncapi/html/certenrollment.asp and http://download.microsoft.com/download/F/1/C/F1C40AF2-8DBE-4F13-B9CA-94F2E0E2DE2F/certificateenrollmentsamples.exe

  11. Win2k info: http://support.microsoft.com/search/default.aspx?Query=windows+2000+eap+tls+computer+authentication 

  12. Certificate Services Tools and Settings: http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_crtsv_tools.asp 

  13. EFS: http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx and http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/WinNETSrvr-EncryptedFileSystem.asp

  14. DPAPI: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp 

  15. PKI page: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/pkitech.asp 

  16. Resource kit: http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

  17. CAPICOM: http://www.microsoftcom/downloads/details.aspx?FamilyId=860EE43A-A843-462F-ABB5-FF88EA5896F6&displaylang=en 

  18. CAPIMON: http://www.microsoft.com/downloads/details.aspx?FamilyId=0BFE87A8-4E79-4441-9D4C-0CAB35D49A01&displaylang=en.

  19. Anti-spyware: http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671 

  20. MSCEP: http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=9f306763-d036-41d8-8860-1636411b2d01 

  21. Windows CE: http://msdn.microsoft.com/library/?url=/library/en-us/dncenet/html/certificateenrollment.asp?frame=true 

  22. Identrus and OCSP: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/rpcrypto.asp 

  23. Root Program: http://www.microsoft.com/technet/security/news/rootcert.mspx 

  24. Adminpak: http://www.microsoft.com/downloads/details.aspx?FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&displaylang=en

  25. CSP test suite: http://download.microsoft.com/download/a/9/8/a9831d81-013e-4ba8-a186-18c9133a2cc2/CSPTSTS10.EXE

Vendor Related Info:

  1. Ncipher: http://www.microsoft.com/windows2000/techinfo/administration/security/win2kpki.asp

  2. Chrysalis: http://www.microsoft.com/windows2000/techinfo/planning/chrysalis.asp