As with all types of auditing, you should select events that are meaningful
to you so you can trace what happened without cluttering up your log with events
you don't really need.
The Recovery Agents tab (Figure 12-12) gives you access to data encrypted using a
certificate when the original key is not available. If you have recovery agent certificates
configured on your server, you can use this tab to archive keys for certificate templates
that request archival and to allow those recovery agents to gain access to those keys.
Security permissions around the CA store can be configured in the Security tab
(Figure 12-13). Four different permissions can be allowed or denied:
- Read: Lets you view certificates within the store.
- Issue and Manage Certificates: Allows you to issue, revoke, and manage
certificates within the store.
- Manage CA: Covers all CA management-related tasks not directly relating to
issuing and managing certificates.
- Request Certificates: Lets you request a new certificate. This permission
can apply to both user and computer accounts and of course security groups
containing either object type.
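The four Security tab permissions, as an added example that is not from the original book: a Python sketch that works out which permissions an account effectively holds when allow and deny entries are combined, and lists principals holding a management permission that you did not expect. The mask bits are the CA_ACCESS_* constants from the Windows SDK header certsrv.h; the ACL entries and the CORP group names are constructed sample data, and the function names are hypothetical.

```python
# CA access-mask bits (Windows SDK, certsrv.h), keyed by Security tab names.
CA_RIGHTS = {
    "Manage CA": 0x001,                      # CA_ACCESS_ADMIN
    "Issue and Manage Certificates": 0x002,  # CA_ACCESS_OFFICER
    "Read": 0x100,                           # CA_ACCESS_READ
    "Request Certificates": 0x200,           # CA_ACCESS_ENROLL
}
MANAGEMENT = CA_RIGHTS["Manage CA"] | CA_RIGHTS["Issue and Manage Certificates"]

# Constructed sample ACL (not from a real CA): (type, principal, mask), in ACL order.
SAMPLE_ACL = [
    ("deny",  "CORP\\Contractors",       0x200),
    ("allow", "BUILTIN\\Administrators", 0x003),
    ("allow", "Authenticated Users",     0x300),
    ("allow", "CORP\\Helpdesk",          0x302),
    ("allow", "CORP\\Contractors",       0x300),
]

def effective_mask(acl, memberships):
    """Walk the ACEs in order; the first matching ACE that names a bit decides it."""
    granted = decided = 0
    for ace_type, principal, mask in acl:
        if principal not in memberships:
            continue
        undecided = mask & ~decided
        if ace_type == "allow":
            granted |= undecided
        decided |= undecided  # a deny settles the bit without granting it
    return granted

def names(mask):
    """Translate a mask back into the permission names shown on the tab."""
    return sorted(name for name, bit in CA_RIGHTS.items() if mask & bit)

def review(acl, expected_managers):
    """Return allow entries that give a management right to an unexpected principal."""
    findings = {}
    for ace_type, principal, mask in acl:
        if ace_type == "allow" and mask & MANAGEMENT and principal not in expected_managers:
            findings[principal] = names(mask & MANAGEMENT)
    return findings

if __name__ == "__main__":
    contractor = {"CORP\\Contractors", "Authenticated Users"}
    print("Contractor holds:", names(effective_mask(SAMPLE_ACL, contractor)))
    print("Unexpected managers:", review(SAMPLE_ACL, {"BUILTIN\\Administrators"}))
```

The contractor account ends up with Read only, because the deny entry for Request Certificates comes first in the list and overrides the later allow entries.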
Figure 12-11. Auditing tab
419 Chapter 12: Enterprise Public Key Infrastructure
Figure 12-12. Recovery Agents tab
Figure 12-13. Security tab
420 Microsoft Windows Server 2008 Administration
The Extensions tab (Figure 12-14) lets you configure locations of various CA extensions,
such as the CRL Distribution Point.