Certificate Authorities
  0
    CA Name                             : -CA
    DNS Name                            : ENWSUS.
    Certificate Subject                 : CN=-CA, DC=, DC=
    Certificate Serial Number           : 646F04BD1BD90E8A4394B6CF5D571C38
    Certificate Validity Start          : 2019-11-19 16:47:13+00:00
    Certificate Validity End            : 2028-12-05 17:48:57+00:00
    Web Enrollment                      : Enabled
    User Specified SAN                  : Enabled
    Request Disposition                 : Issue
    Enforce Encryption for Requests     : Disabled
    Permissions
      Owner                             : \Administrators
      Access Rights
        Enroll                          : \Authenticated Users
                                          \MEHMET
                                          S-1-5-21-3459486759-3371203467-1059477045-14432
        Read                            : \Authenticated Users
                                          \MEHMET
                                          S-1-5-21-3459486759-3371203467-1059477045-14432
        ManageCertificates              : \MEHMET
                                          S-1-5-21-3459486759-3371203467-1059477045-14432
                                          \SCS Servers
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Administrators
        ManageCa                        : \MEHMET
                                          S-1-5-21-3459486759-3371203467-1059477045-14432
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Administrators
    [!] Vulnerabilities
      ESC6                              : Enrollees can specify SAN and Request Disposition is set to Issue. Does not work after May 2022
      ESC8                              : Web Enrollment is enabled and Request Disposition is set to Issue
      ESC11                             : Encryption is not enforced for ICPR requests and Request Disposition is set to Issue
Certificate Templates
  0
    Template Name                       : AMTClientConfigurationCertificateTemplates
    Display Name                        : AMT Client Configuration Certificate Templates
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : IncludeSymmetricAlgorithms
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : 2.16.840.1.113741.1.2.2
                                          2.16.840.1.113741.1.2.1
                                          Server Authentication
                                          Client Authentication
                                          Secure Email
                                          Encrypting File System
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 5 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : S-1-5-21-3459486759-3371203467-1059477045-34108
                                          \Domain Admins
                                          \Domain Users
                                          \Enterprise Admins
      Object Control Permissions
        Owner                           : \SCOMAdmin
        Write Owner Principals          : \Domain Admins
                                          \Enterprise Admins
                                          \SCOMAdmin
        Write Dacl Principals           : \Domain Admins
                                          \Enterprise Admins
                                          \SCOMAdmin
        Write Property Principals       : \Domain Admins
                                          \Enterprise Admins
                                          \SCOMAdmin
    [!] Vulnerabilities
      ESC1                              : '\\Domain Users' can enroll, enrollee supplies subject and template allows client authentication
  1
    Template Name                       : Radius-Client
    Display Name                        : Radius-Client
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireCommonName
                                          SubjectAltRequireDns
    Enrollment Flag                     : AutoEnrollment
                                          PublishToDs
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 10 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 1024
    Permissions
      Object Control Permissions
        Owner                           : S-1-5-21-3459486759-3371203467-1059477045-1180
        Full Control Principals         : \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Owner Principals          : S-1-5-21-3459486759-3371203467-1059477045-1180
                                          \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Dacl Principals           : S-1-5-21-3459486759-3371203467-1059477045-1180
                                          \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Property Principals       : S-1-5-21-3459486759-3371203467-1059477045-1180
                                          \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
    [!] Vulnerabilities
      ESC4                              : '\\Domain Users', '\\Domain Computers' and '\\Authenticated Users' has dangerous permissions
  2
    Template Name                       :
    Display Name                        :
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireCommonName
                                          SubjectAltRequireDns
    Enrollment Flag                     : AutoEnrollment
    Private Key Flag                    : AttestNone
    Extended Key Usage                  : Server Authentication
                                          Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 1024
    Permissions
      Enrollment Permissions
        Enrollment Rights               : \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
                                          \RAS and IAS Servers
                                          \Authenticated Users
      Object Control Permissions
        Owner                           : S-1-5-21-3459486759-3371203467-1059477045-1180
        Write Owner Principals          : \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
        Write Dacl Principals           : \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
        Write Property Principals       : \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
    [!] Vulnerabilities
      ESC4                              : '\\Domain Users' and '\\Domain Computers' has dangerous permissions
  3
    Template Name                       : Workstation
    Display Name                        : Workstation Authentication
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireCommonName
                                          SubjectRequireEmail
                                          SubjectAltRequireDns
    Enrollment Flag                     : AutoEnrollment
                                          PublishToDs
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 1024
    Permissions
      Object Control Permissions
        Owner                           : \Enterprise Admins
        Full Control Principals         : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Owner Principals          : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Dacl Principals           : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Property Principals       : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
    [!] Vulnerabilities
      ESC4                              : '\\Domain Computers' and '\\Authenticated Users' has dangerous permissions
  4
    Template Name                       : Scom2007
    Display Name                        : Scom2007
    Enabled                             : False
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : None
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Server Authentication
                                          Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 10 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 1024
    Permissions
      Enrollment Permissions
        Enrollment Rights               : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
      Object Control Permissions
        Owner                           : \MEHMET
        Write Owner Principals          : \Domain Admins
                                          \Enterprise Admins
                                          \MEHMET
        Write Dacl Principals           : \Domain Admins
                                          \Enterprise Admins
                                          \MEHMET
        Write Property Principals       : \Domain Admins
                                          \Enterprise Admins
                                          \MEHMET
    [!] Vulnerabilities
      ESC1                              : '\\Domain Computers' and '\\Authenticated Users' can enroll, enrollee supplies subject and template allows client authentication
  5
    Template Name                       : WorkstationAuthenticationNew
    Display Name                        : Workstation Authentication New
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : PublishToDs
    Private Key Flag                    : 50724864
    Extended Key Usage                  : Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 2 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Object Control Permissions
        Owner                           : \
        Full Control Principals         : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Owner Principals          : \
                                          \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Dacl Principals           : \
                                          \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Property Principals       : \
                                          \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
    [!] Vulnerabilities
      ESC1                              : '\\Domain Computers' and '\\Authenticated Users' can enroll, enrollee supplies subject and template allows client authentication
      ESC4                              : '\\Domain Computers' and '\\Authenticated Users' has dangerous permissions
  6
    Template Name                       : SCOMClientCert
    Display Name                        : SCOM Client Cert
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : None
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Server Authentication
                                          Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 4 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
      Object Control Permissions
        Owner                           : \
        Write Owner Principals          : \Domain Admins
                                          \Enterprise Admins
                                          \
        Write Dacl Principals           : \Domain Admins
                                          \Enterprise Admins
                                          \
        Write Property Principals       : \Domain Admins
                                          \Enterprise Admins
                                          \
    [!] Vulnerabilities
      ESC1                              : '\\Domain Computers' and '\\Authenticated Users' can enroll, enrollee supplies subject and template allows client authentication
  7
    Template Name                       : Copy of Computer
    Display Name                        : Copy of Computer
    Enabled                             : False
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : None
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Server Authentication
                                          Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 1 year
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 1024
    Permissions
      Enrollment Permissions
        Enrollment Rights               : \SCOMAdmin
                                          \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
      Object Control Permissions
        Owner                           : \SCOMAdmin
        Write Owner Principals          : \SCOMAdmin
                                          \Domain Admins
                                          \Enterprise Admins
        Write Dacl Principals           : \SCOMAdmin
                                          \Domain Admins
                                          \Enterprise Admins
        Write Property Principals       : \SCOMAdmin
                                          \Domain Admins
                                          \Enterprise Admins
    [!] Vulnerabilities
      ESC1                              : '\\Domain Computers' and '\\Authenticated Users' can enroll, enrollee supplies subject and template allows client authentication
  8
    Template Name                       : web10yearSSLsan
    Display Name                        : web10 year SSL san
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireCommonName
                                          SubjectAltRequireDns
    Enrollment Flag                     : AutoEnrollment
                                          PublishToDs
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Client Authentication
                                          Server Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 10 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
      Object Control Permissions
        Owner                           : \MEHMET
        Write Owner Principals          : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
        Write Dacl Principals           : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
        Write Property Principals       : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
    [!] Vulnerabilities
      ESC4                              : '\\Authenticated Users' has dangerous permissions
  9
    Template Name                       : web10yearSSL
    Display Name                        : web10 year SSL
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : PublishToDs
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Client Authentication
                                          Server Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 10 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
      Object Control Permissions
        Owner                           : \SCOMAdmin
        Write Owner Principals          : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
        Write Dacl Principals           : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
        Write Property Principals       : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
    [!] Vulnerabilities
      ESC1                              : '\\Authenticated Users' can enroll, enrollee supplies subject and template allows client authentication
      ESC4                              : '\\Authenticated Users' has dangerous permissions
  10
    Template Name                       : web2008r2
    Display Name                        : web2008r2
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : False
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : PublishToDs
    Private Key Flag                    : RequireAlternateSignatureAlgorithm
                                          ExportableKey
    Extended Key Usage                  : Server Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 5 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
      Object Control Permissions
        Owner                           : \MEHMET
        Write Owner Principals          : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
        Write Dacl Principals           : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
        Write Property Principals       : \MEHMET
                                          \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
    [!] Vulnerabilities
      ESC4                              : '\\Authenticated Users' has dangerous permissions
  11
    Template Name                       : WebServer2008R2
    Display Name                        : Web Server 2008R2
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : False
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : False
    Certificate Name Flag               : SubjectRequireDnsAsCn
                                          SubjectAltRequireUpn
                                          SubjectAltRequireSpn
    Enrollment Flag                     : AutoEnrollment
                                          PublishToDs
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Server Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 10 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
      Object Control Permissions
        Owner                           : \MEHMET
        Full Control Principals         : \MEHMET
        Write Owner Principals          : \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
                                          \MEHMET
        Write Dacl Principals           : \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
                                          \MEHMET
        Write Property Principals       : \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
                                          \SCOMAdmin
                                          \MEHMET
    [!] Vulnerabilities
      ESC4                              : '\\Authenticated Users' has dangerous permissions
  12
    Template Name                       : SubordinateCertificationAuthority
    Display Name                        : Subordinate Certification Authority
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : True
    Any Purpose                         : True
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : PublishToDs
    Private Key Flag                    : ExportableKey
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 5 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Enrollment Permissions
        Enrollment Rights               : \Domain Admins
                                          \Enterprise Admins
                                          \Authenticated Users
      Object Control Permissions
        Owner                           : \
        Write Owner Principals          : \Domain Admins
                                          \Enterprise Admins
                                          \
        Write Dacl Principals           : \Domain Admins
                                          \Enterprise Admins
                                          \
        Write Property Principals       : \Domain Admins
                                          \Enterprise Admins
                                          \
    [!] Vulnerabilities
      ESC1                              : '\\Authenticated Users' can enroll, enrollee supplies subject and template allows client authentication
      ESC2                              : '\\Authenticated Users' can enroll and template can be used for any purpose
      ESC3                              : '\\Authenticated Users' can enroll and template has Certificate Request Agent EKU set
  13
    Template Name                       : ClientNew
    Display Name                        : ClientNew
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : None
    Private Key Flag                    : 67502080
    Extended Key Usage                  : Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 2 years
    Renewal Period                      : 6 weeks
    Minimum RSA Key Length              : 2048
    Permissions
      Object Control Permissions
        Owner                           : \
        Full Control Principals         : \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Owner Principals          : \
                                          \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Dacl Principals           : \
                                          \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Property Principals       : \
                                          \Domain Admins
                                          \Domain Users
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
    [!] Vulnerabilities
      ESC1                              : '\\Domain Users', '\\Domain Computers' and '\\Authenticated Users' can enroll, enrollee supplies subject and template allows client authentication
      ESC4                              : '\\Domain Users', '\\Domain Computers' and '\\Authenticated Users' has dangerous permissions
  14
    Template Name                       : OpsMgr2007
    Display Name                        : OpsMgr2007
    Certificate Authorities             : -CA
    Enabled                             : True
    Client Authentication               : True
    Enrollment Agent                    : False
    Any Purpose                         : False
    Enrollee Supplies Subject           : True
    Certificate Name Flag               : EnrolleeSuppliesSubject
    Enrollment Flag                     : PublishToDs
    Private Key Flag                    : ExportableKey
    Extended Key Usage                  : Server Authentication
                                          Client Authentication
    Requires Manager Approval           : False
    Requires Key Archival               : False
    Authorized Signatures Required      : 0
    Validity Period                     : 10 years
    Renewal Period                      : 6 years
    Minimum RSA Key Length              : 1024
    Permissions
      Enrollment Permissions
        Enrollment Rights               : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
      Object Control Permissions
        Owner                           : S-1-5-21-3459486759-3371203467-1059477045-1108
        Write Owner Principals          : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Dacl Principals           : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
        Write Property Principals       : \Domain Admins
                                          \Domain Computers
                                          \Enterprise Admins
                                          \Authenticated Users
    [!] Vulnerabilities
      ESC1                              : '\\Domain Computers' and '\\Authenticated Users' can enroll, enrollee supplies subject and template allows client authentication
      ESC4                              : '\\Domain Computers' and '\\Authenticated Users' has dangerous permissions