Tip:
Highlight text to annotate it
X
Welcome to the ITFreeTraining video on the new features in Windows Server 2012 added
to Active Directory Certificate Services. In this video I will quickly go over the new
features included with Windows Server 2012. There are some good features included in Windows
Server 2012 but this will be a short video as they do not require much explaining.
The first new feature is Server Core Support. Server core support was available in Windows
Server 2008 R2, however support has improved so that all 6 components in Active Directory
Certificate Services have good support if you plan to use certificate services on server
core. The next new feature is improved PowerShell
support. This support includes deployment support as well as configuration options.
With Windows Server 2012, Microsoft has improved support for PowerShell in a lot of difference
areas. Using PowerShell you should be able to perform any option that you can perform
using the GUI. The next feature is support for automatic
renewal for non-domain computers. This includes computers that are in a workgroup or computers
that are not part of the company’s network. For example, if the computer belongs to a
partner or customer that the company does not own or manage.
The difference between Windows Server 2012 and Windows Server 2008 R2 feature wise is
that previously the process of renewing a certificate was not automatic. The renewal
process was manual. Now with Windows Server 2012, when the certificate has been issued
and later needs to be renewed, the client can use that certificate to authenticate itself
and renew the certificate. The initial certificate issuing is manual and likely to stay that
way for security reasons. The next new feature is Enforcement of certificate
renewal with the same key. This option would generally be used by hardware like the Trust
Platform Module or TPM. A TPM contains a key that is used for encryption. For example,
a TPM is used with BitLocker. If you were to use a certificate with this the TPM key
at some stage the certificate would expire. If you tick this option, the certificate will
be renewed with the same key rather than a new key. Why is this important? A TPM is a
hardware device that keeps the key stored and does not allow it to be accessed directly.
Since the key is safe in the TPM, it is better in these circumstances to keep using the same
key. If you do decide to use this option, the client needs to be Windows 8 or Windows
Server 2012. The next feature is support for international
domain names. This essentially means that non ASCII characters can be used. If you plan
on using this feature, check the reference list in the description of this video for
what these characters can be used with. Even though there is additional support, not all
functions in certificates can fully utilize international characters.
The last new feature in Windows Server 2012 is site awareness. If you are running Windows
8 or Windows Server 2012, this allows the client to detect which site it is in. If there
is no CA in that site, the client will work out the closest CA using the costs associated
with the Active Directory links. This has been a quick overview of the new
features in Windows Server 2012. I hope you have enjoyed this video and can continue to
watch our other free videos on Certificates and other free IT video from ITFreeTraining.