Designing a Public Key Infrastructure Copyright 2002 Microsoft Corporation. All Rights Reserved. DetailedSteps Review the detailedsteps covered in the demonstration. Tasks DetailedSteps Important: The following step must be performed at the partner computer designated as the enterprise subordinate CA. 1. Log on as Administrator of the NWTRADERS domain. a. Log off the current user. b. Log on by using the following credentials: User name: Administrator Password: password Log on to: NWTRADERS Why must you log on as Administrator of NWTRADERS, and not as the Administrator of your child domain? A member of the Enterprise Admins group in the forest must install all enterprise CAs. Only the NWTRADERS\Administrator account is a member of the Enterprise Admins group. Designing a Public Key Infrastructure Copyright 2002 Microsoft Corporation. All Rights Reserved. Tasks DetailedSteps 2. Install Certificate Services with the following information: • CA type: enterprise subordinate CA • CA name: Computer (where Computer is the NetBIOS name of your computer) • Organization: Northwind Traders • Organizational unit: Domain (where Domain is the NetBIOS name of your child domain) • City: Computer (where Computer is the NetBIOS name of your computer) • E-mail: security@nwtrader s.msft • Parent CA: EnterpriseCA a. Open Control Panel. b. Double-click Add/Remove Programs. c. In the Add/Remove Programs dialog box, click Add/Remove Windows Components. d. In the Windows Components wizard, click Certificate Services. e. In the Microsoft Certificate Services dialog box, click Yes to continue. f. Click Next. g. In the Certification Authority Type page, click Enterprise subordinate CA, and then click Next. h. In the CA Identifying Information page, type the following information: CA name: Computer (where Computer is the NetBIOS name of your computer) Organization: Northwind Traders Organization unit: Domain (where Domain is the NetBIOS name of your child domain) City: Computer (where Computer is the NetBIOS name of your computer) E-mail: security@nwtraders.msft i. Click Next. j. In the Data Storage Location page, accept the defaults, and then click Next. k. In the CA Certificate Request page, click the Browse button. l. In the Select Certification Authority dialog box, click EnterpriseCA, and then click OK. The fully qualified domain name london.nwtraders.msft will appear in the Computer name box, and EnterpriseCA will appear as the parent CA. m. Click Next. n. In the Microsoft Certificate Services dialog box, click OK to stop the Internet Information Services. o. If required, in the Files Needed dialog box, in the Copy files from box, type \\london\setup\winsrc and then click OK. p. Click Finish. q. Click Close to close the Add/Remove Programs dialog box. r. Close Control Panel. Designing a Public Key Infrastructure Copyright 2002 Microsoft Corporation. All Rights Reserved. Tasks DetailedSteps 3. Log off the network. s. Log off the NWTRADERS\Administrator account. What CA hierarchy design is Northwind Traders deploying? Northwind Traders is creating a CA hierarchy based on location because each domain represents a geographic region on the global map. Alternatively, you could suggest that the CA hierarchy is being delegated based on organization, because there is a CA located in each domain. Do not proceed until all students groups in the classroom have completed the previous step. The instructor will then stop Certificate Services on the London computer to simulate an offline enterprise root CA. . Corporation. All Rights Reserved. Detailed Steps Review the detailed steps covered in the demonstration. Tasks Detailed Steps Important: The following step. Infrastructure Copyright 2002 Microsoft Corporation. All Rights Reserved. Tasks Detailed Steps 2. Install Certificate Services with the following information: •