One advantage of Online Responders is that they can be deployed to provide revocation checking services at a remote location or even outside of the local intranet. However, this would frequently require the ability to manage the Online Responder from another computer.
By default, the Online Responder snap-in is installed automatically when an Online Responder is installed on a server. The snap-in can also be installed on a different server by using Server Manager to install Active Directory Certificate Services (AD CS) tools.
Before you can enable remote administration, you must configure Online Responder–related firewall settings on the computer hosting the Online Responder.
You must be a local administrator to configure firewall settings. For more information about administering a public key infrastructure (PKI), see Implement Role-Based Administration.
To configure firewall settings to enable remote administration of an Online Responder
Open Server Manager.
Under Configuration, expand Windows Firewall with Advanced Security.
Expand Inbound Rules, and click Online Responder Service (DCOM-In).
In the Actions pane, click Enable Rule.
Click Online Responder Service (RPC-In), and in the Actions pane, click Enable Rule.
To identify authorized users or computers that can access the Online Responder through each inbound Online Responder firewall rule, in the Actions pane, click Properties for each of these rules, and then click the Users and Computers tab.
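The same procedure can be scripted and checked. The following PowerShell is an added example, not part of the original procedure; it assumes Windows Server 2012 or later (the NetSecurity module), an elevated session, and that the rule display names match the ones shown above. It enables both inbound rules and reports how each one is scoped, flagging any rule that accepts any remote address, user, and computer.

```powershell
#Requires -RunAsAdministrator
# Added example. Rule display names are taken from the procedure above.
$ruleNames = 'Online Responder Service (DCOM-In)',
             'Online Responder Service (RPC-In)'

$report = foreach ($name in $ruleNames) {
    $rules = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rules) {
        Write-Warning "Rule '$name' not found. Is the Online Responder installed on this server?"
        continue
    }
    foreach ($rule in $rules) {
        # Equivalent of clicking Enable Rule in the Actions pane.
        if ($rule.Enabled -ne 'True') { $rule | Enable-NetFirewallRule }

        # Scope tab (remote addresses) and Users / Computers tabs of the rule.
        $addr = $rule | Get-NetFirewallAddressFilter
        $sec  = $rule | Get-NetFirewallSecurityFilter

        [pscustomobject]@{
            Rule           = $rule.DisplayName
            Profile        = $rule.Profile
            # Re-read the rule so the report shows the state after the change.
            Enabled        = (Get-NetFirewallRule -Name $rule.Name).Enabled
            RemoteAddress  = $addr.RemoteAddress -join ','
            Authentication = $sec.Authentication   # NotRequired means no user/computer check
            RemoteUser     = $sec.RemoteUser       # 'Any' or an SDDL string
            RemoteMachine  = $sec.RemoteMachine    # 'Any' or an SDDL string
            # True when nothing narrows who can reach the management interface.
            Unscoped       = ($addr.RemoteAddress -contains 'Any') -and
                             ($sec.RemoteUser -eq 'Any') -and
                             ($sec.RemoteMachine -eq 'Any')
        }
    }
}

$report | Format-List
$open = @($report | Where-Object Unscoped)
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) rule(s) accept any remote address, user, and computer."
}
```

Authorized users and computers can only be set on a rule that allows the connection only if it is secure, so a rule reporting Authentication as NotRequired cannot enforce the Users and Computers settings.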
You must be a local administrator on the remote computer to install the Remote Server Administration Tools. You must have Manage Online Responder permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a PKI, see Implement Role-Based Administration.
To administer a remote Online Responder
On the remote computer, open Server Manager.
Under Features Summary, click Add Features.
Expand Remote Server Administration Tools and Role Administration Tools.
Select the Active Directory Certificate Services check box, click Next, and then click Install.
When the installation process is finished, click Close.
Click Start, type mmc, and press ENTER.
On the File menu, click Add/Remove Snap-in.
Click the Online Responder snap-in, click Add, and then click OK.
In the console tree, click the Online Responder.
On the Action menu, click Retarget Responder to identify the Online Responder that you want to manage.
- If the computer you want to perform remote administration tasks from is running Windows Vista, you can obtain the Remote Server Administration Tools Pack from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkID=89361).
- If there is a firewall between the Online Responder and the remote computer, the firewall must be configured to allow data to pass through port 80 between Internet Information Services (IIS) and the Online Responder. Similar results can be achieved by using the reverse-proxy capability of Microsoft Internet Security and Acceleration (ISA) Server.
- It may also be necessary to configure DCOM permissions to enable the Online Responders in an Array to authenticate to each other.