diff --git a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md index 442e9d2..5742581 100644 --- a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md +++ b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md @@ -11,12 +11,13 @@ This document outlines the Microsoft-recommended best practices for deploying a - You should give it at least 4GB of RAM. - [Change the edition of Windows Server from "**Evaluation**" to "**Standard**" via DISM](https://docs.bunny-lab.io/Workflows/Windows/Change%20Windows%20Edition/) - Ensure the server is fully updated - - Ensure the server is activated + - [Ensure the server is activated](https://docs.bunny-lab.io/Workflows/Windows/Change%20Windows%20Edition/#force-activation-edition-switcher) - Ensure the timezone is correctly configured - Ensure the hostname is correctly configured -### Offline Root CA `LAB-CA-01` Setup -- Provision the non-domain-joined Windows Server +### Offline Root CA `LAB-CA-01` Role Deployment +- Provision a **non-domain-joined** Windows Server + - This is critical that this device is not domain-joined for security purposes - Navigate to "**Server Manager > Manage > Add Roles and Features**" - Check "**Active Directory Certificate Services**" - When prompted to confirm, click the "**Add Features**" button @@ -31,7 +32,11 @@ This document outlines the Microsoft-recommended best practices for deploying a - When prompted to confirm multiple times, click the "**Add Features**" button - Ensure the "**Include management tools (if applicable)**" checkbox is checked. - Click "**Next**" > "**Next**" > "**Next**" > "**Install**" + - Restart the Server +### Offline Root CA `LAB-CA-01` Role Configuration +- Navigate to "**Server Manager > (Alert Flag) > Post-deployment Configuration: Active Directory Certificate Services**" + - !!! warning "Raw Unprocessed Documentation - Do Not Use" Install AD CS role as a Standalone Root CA.