Important: The following step must be performed at the partner computer designated as the enterprise subordinate CA.. Log on by using the following credentials: User name: Administrator
Trang 1Detailed Steps
Review the detailed steps covered in the demonstration
Important: The following step must be performed at the partner computer designated as the enterprise
subordinate CA
1 Log on as Administrator of
the NWTRADERS domain
a Log off the current user
b Log on by using the following credentials:
User name: Administrator
Password: password
Log on to: NWTRADERS
Why must you log on as Administrator of NWTRADERS, and not as the Administrator of your child domain?
A member of the Enterprise Admins group in the forest must install all enterprise CAs Only the NWTRADERS\Administrator account is a member of the Enterprise Admins group
Trang 22 Install Certificate
Services with the
following information:
• CA type:
enterprise
subordinate CA
• CA name:
Computer (where
Computer is the
NetBIOS name of
your computer)
• Organization:
Northwind Traders
• Organizational
unit: Domain
(where Domain is
the NetBIOS name
of your child
domain)
• City: Computer
(where Computer
is the NetBIOS
name of your
computer)
• E-mail:
security@nwtrader
s.msft
• Parent CA:
EnterpriseCA
a Open Control Panel
b Double-click Add/Remove Programs
c In the Add/Remove Programs dialog box, click Add/Remove
Windows Components
d In the Windows Components wizard, click Certificate Services
e In the Microsoft Certificate Services dialog box, click Yes to
continue
f Click Next
g In the Certification Authority Type page, click Enterprise
subordinate CA, and then click Next
h In the CA Identifying Information page, type the following
information:
CA name: Computer (where Computer is the NetBIOS name of your
computer) Organization: Northwind Traders
Organization unit: Domain (where Domain is the NetBIOS name of your child
domain)
City: Computer (where Computer is the NetBIOS name of your computer)
E-mail: security@nwtraders.msft
i Click Next
j In the Data Storage Location page, accept the defaults, and then click
Next
k In the CA Certificate Request page, click the Browse button
l In the Select Certification Authority dialog box, click EnterpriseCA, and then click OK
The fully qualified domain name london.nwtraders.msft will appear in the Computer name box, and EnterpriseCA will
appear as the parent CA
m Click Next
n In the Microsoft Certificate Services dialog box, click OK to stop the
Internet Information Services
o If required, in the Files Needed dialog box, in the Copy files from box, type \\london\setup\winsrc and then click OK
p Click Finish
q Click Close to close the Add/Remove Programs dialog box
r Close Control Panel
Trang 33 Log off the network s Log off the NWTRADERS\Administrator account
What CA hierarchy design is Northwind Traders deploying?
Northwind Traders is creating a CA hierarchy based on location because each domain represents
a geographic region on the global map Alternatively, you could suggest that the CA hierarchy is being delegated based on organization, because there is a CA located in each domain
Do not proceed until all students groups in the classroom have completed the previous step The instructor will then stop Certificate Services on the London computer to simulate an offline enterprise root CA