Condensed Version of Implementing PKI on Win2003

Setting up a Stand-Alone Root CA

1. Install and patch a Windows Server 2003 machine and put it in a workgroup
2. Prepare a CAPolicy.inf file and put it in %SystemRoot%
3. Install Certificate Services from the install CD with the following settings:

      – Stand-Alone Root CA
      – Use custom settings to generate the key pair and CA certificate 
      – Microsoft Strong Cryptographic Provider
      – Hash Algorithm: SHA-1
      – Key length: 4096
      – Clear “Allow this CSP to interact with the desktop” and “Use an existing key”
      – Create Common Name and Distinguished name suffix
      – Validation Period: 10 years
      – Set Certificate database and Certificate database log
      – Store configuration information in a shared folder and enter a local Path

4. Verify the Root CA Certificate

      – certutil -ca.cert CommonName.cer
      – certutil.exe CommonName.cer

5. Verify the CommonName Configuration Information

      – certutil -cainfo
      – certutil -getreg | find /I "Directory"
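
Step 2 names the CAPolicy.inf file without showing one. A minimal version for an offline stand-alone root follows as an added example; it is not taken from the original page or from the source document, and the renewal values are assumptions chosen to match the wizard settings in step 3.

```ini
; CAPolicy.inf for the offline stand-alone root CA (added example).
; Save as %SystemRoot%\CAPolicy.inf before installing Certificate Services.

[Version]
Signature="$Windows NT$"

[Certsrv_Server]
; Applied when the root CA certificate is renewed; values are assumptions
; chosen to mirror the wizard settings above (4096-bit key, 10 years).
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10

; Left empty on purpose so that setup writes no CRL distribution point or
; authority information access extension into the self-signed root certificate.
[CRLDistributionPoint]

[AuthorityInformationAccess]
```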

Configuring the Root CA

1. Map the Namespace of Active Directory to an Offline CA’s Registry Configuration

      – certutil.exe -setreg ca\DSConfigDN CN=Configuration,DC=concorp,DC=contoso,DC=com

2. Configure CorporateRootCA Distribution Points for CRL and AIA (Look in the Source Document)
3. Finalize the CA Configuration

Source: Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure

Moving a DHCP server from one server to another

Here is some nice info on moving DHCP from one server to another

Sources:

How to move a DHCP database from one server to another in Windows NT 4.0 and in Windows 2000

How to move a DHCP database from a computer that is running Windows NT Server 4.0, Windows 2000, or Windows Server 2003 to a computer that is running Windows Server 2003

Dhcpexim.exe – Tool for exporting database from NT4 or 2000 DHCP

How do I create a driver diskette for an IBM server

Creating diskettes on Windows

Complete the following steps to create a diskette:

1. Insert the IBM ServeRAID Support CD into the CD-ROM drive.

2. Insert a blank diskette into the diskette drive.

3. Open a DOS window.

4. At the command prompt, type the following and press Enter:

e:\diskette\tools\dsk4w32 e:\diskette\diskettetype\disketteimage a:

where

e is the drive letter for the CD-ROM drive.

diskettetype is scsi or sata, depending on the driver type.

disketteimage is the name of the diskette image.

a is the drive letter for the diskette drive.

5. Remove the CD from the CD-ROM drive.

6. Remove the diskette from the diskette drive and label the diskette appropriately.

Delete printer drivers

If the Print Spooler service is operational:

  1. Open the Printers (Printers and Faxes on Windows XP) folder

  2. delete all of the printers

  3. click File, Server Properties

  4. select the Drivers tab

  5. for each entry:

    1. select the entry

    2. click Remove

Usually, this will do a pretty good job of cleaning out drivers with Windows 2000 and later (not so with Windows NT 4).

If the Print Spooler service is not operational, or you want to make certain there are no printer driver remnants, either follow the instructions below or use cleanspl.exe from the Windows 2000, XP or 2003 Resource Kit (http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en). cleanspl.exe from the Windows 2003 Resource Kit tools will work on Windows XP.

Some information about cleanspl.exe:

  • cleanspl.exe does a very thorough job of cleaning up the print spooler stuff, but it does not remove the spooler service dependency on the Lexmark service (see special information about Lexmark printer drivers). 

  • You can use it to clean up the spooler stuff on another computer (i.e. remotely). 

  • When you run it, it asks you if you want to remove some things that are actually delivered (and installed by default) with Windows.  In most cases, you should answer No to the corresponding prompts (you don’t want to remove the Standard TCP/IP Port or the BJ Language Monitor).

Here’s how to clean up the print spooler stuff if cleanspl.exe is not available or you prefer to do things manually.

Warning! Be very careful using regedit – if you delete the wrong things, you may render your computer inoperative!

  1. open regedit (e.g. click Start, key regedit and press Enter)

  2. navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers

under this key, there will be the keys Version-2 and Version-3 (one or the other of these may be absent – not a problem)

    the sub-keys under these contain the printer driver configuration information

delete all the sub-keys inside Version-2 and Version-3, but not these keys themselves

The Microsoft Knowledgebase article at http://support.microsoft.com/default.aspx?scid=kb;en-us;312052 lists some other registry entries to delete, but this is not usually necessary.

  1. open a Command Prompt window

  2. key the commands
           net stop spooler
           net start spooler

  3. open Windows Explorer

  4. navigate to %systemroot%\system32\spool\printers and delete any files there. By default, this is where the print spooler stores print files.

  5. navigate to %systemroot%\system32\spool\drivers\w32x86 (%systemroot% is usually Windows, but it might be winnt or something else; this is set when the OS is installed).

  6. inside w32x86, there will be folders with the names 2 and 3 (one or more of these may be absent – not a problem)
           delete all of the files and sub-folders in each of the 2 and 3 folders, but not the folders themselves
         inside w32x86, there may be other folders with names starting with “hewlett_packard”, “hphp” or something else; delete these folders also

  7. restart the print spooler (see steps 1 and 2 above)

    Source