Windows Server 2008 Network Policy Server (nps) Operations Guide icon

Windows Server 2008 Network Policy Server (nps) Operations Guide




Скачати 326.71 Kb.
НазваWindows Server 2008 Network Policy Server (nps) Operations Guide
Сторінка14/16
Дата конвертації17.02.2014
Розмір326.71 Kb.
ТипДокументи
1   ...   8   9   10   11   12   13   14   15   16
^

Configure the TLS Handle Expiry Time on Client Computers


Use this procedure to change the amount of time that client computers cache the Transport Layer Security (TLS) handle of an NPS server. After successfully authenticating an NPS server, client computers cache TLS connection properties of the NPS server as a TLS handle. The TLS handle has a default duration of 10 hours (36,000,000 milliseconds). You can increase or decrease the TLS handle expiry time by using the following procedure.

Important

This procedure must be performed on an NPS server, not on a client computer.

^ Administrative credentials

To complete this procedure, you must be a member of the Administrators group.

To configure the TLS handle expiry time on client computers

    1. On an NPS server, open Registry Editor.

    2. Browse to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

    3. On the Edit menu, click New, and then click Key.

    4. Type ClientCacheTime, and then press ENTER.

    5. Right-click ClientCacheTime, click New, and then click DWORD (32-bit) Value.

    6. Type the amount of time, in milliseconds, that you want client computers to cache the TLS handle of an NPS server after the first successful authentication attempt by the NPS server.


^

Configure the TLS Handle Expiry Time on NPS Servers


Use this procedure to change the amount of time that NPS servers cache the Transport Layer Security (TLS) handle of client computers. After successfully authenticating an access client, NPS servers cache TLS connection properties of the client computer as a TLS handle. The TLS handle has a default duration of 10 hours (36,000,000 milliseconds). You can increase or decrease the TLS handle expiry time by using the following procedure.

Important

This procedure must be performed on an NPS server, not on a client computer.

^ Administrative credentials

To complete this procedure, you must be a member of the Administrators group.

To configure the TLS handle expiry time on NPS servers using the Windows interface

    1. On an NPS server, open Registry Editor.

    2. Browse to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

    3. On the Edit menu, click New, and then click Key.

    4. Type ServerCacheTime, and then press ENTER.

    5. Right-click ServerCacheTime, click New, and then click DWORD (32-bit) Value.

    6. Type the amount of time, in milliseconds, that you want NPS servers to cache the TLS handle of a client computer after the first successful authentication attempt by the client.


^

Obtain the SHA-1 Hash of a Trusted Root CA Certificate


Use this procedure to obtain the Secure Hash Algorithm (SHA-1) hash of a trusted root certification authority (CA) from a certificate that is installed on the local computer. In some circumstances, such as when deploying Group Policy, it is necessary to designate a certificate by using the SHA-1 hash of the certificate.

When using Group Policy, you can designate one or more trusted root CA certificates that clients must use in order to authenticate the NPS server during the process of mutual authentication with EAP or PEAP. To designate a trusted root CA certificate that clients must use to validate the server certificate, you can enter the SHA-1 hash of the certificate.

This procedure demonstrates how to obtain the SHA-1 hash of a trusted root CA certificate by using the Certificates Microsoft Management Console (MMC) snap-in.

^ Administrative credentials

To complete this procedure, you must be a member of the Users group on the local computer.

To obtain the SHA-1 hash of a trusted root CA certificate

    1. Click ^ Start, click Run, type mmc, and then click OK. The Add or Remove Snap-ins dialog box opens.

    2. In Add or Remove Snap-ins, in Available snap-ins, double-click Certificates. The Certificates snap-in wizard opens. Click Computer account, and then click Next.

    3. In Select Computer, ensure that Local computer (the computer this console is running on) is selected, click Finish, and then click OK.

    4. In the left pane, double-click Certificates (Local Computer), and then double-click the Trusted Root Certification Authorities folder.

    5. The Certificates folder is a subfolder of the Trusted Root Certification Authorities folder. Click the Certificates folder.

    6. In the details pane, browse to the certificate for your trusted root CA. Double-click the certificate. The Certificate dialog box opens.

    7. In the Certificate dialog box, click the Details tab.

    8. In the list of fields, scroll to and select Thumbprint.

    9. In the lower pane, the hexadecimal string that is the SHA-1 hash of your certificate is displayed. Select the SHA-1 hash, and then press the Windows keyboard shortcut for the Copy command (CTRL+C) to copy the hash to the Windows clipboard.

    10. Open the location to which you want to paste the SHA-1 hash, correctly locate the cursor, and then press the Windows keyboard shortcut for the Paste command (CTRL+V).


1   ...   8   9   10   11   12   13   14   15   16



Схожі:

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for Configuring Network Load Balancing with Terminal Services: Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for Configuring a Two-Node File Server Failover Cluster in Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for Configuring a Two-Node Print Server Failover Cluster in Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconServer Core Installation Option of Windows Server 2008 Step-By-Step Guide

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for File Server Resource Manager in Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for Windows Deployment Services in Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for Storage Manager for sans in Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconServices for nfs step-by-Step Guide for Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconWindows Server 2008 Active Directory Certificate Services Step-By-Step Guide

Windows Server 2008 Network Policy Server (nps) Operations Guide iconWindows Server 2008 ts licensing Step-By-Step Guide

Додайте кнопку на своєму сайті:
Документи


База даних захищена авторським правом ©te.zavantag.com 2000-2017
При копіюванні матеріалу обов'язкове зазначення активного посилання відкритою для індексації.
звернутися до адміністрації
Документи