
Certificates and Auto-enrollment 1

Status
Not open for further replies.

navigat0

MIS
Jun 7, 2004
US
Can anyone tell me if it's possible to modify the Code Signing certificate template or Policy for this template to allow auto-enrollment like you can do with user certificates?

Background: We are using enterprise-wide code signing certificates along with very high security for macros in Office (MSExcel) documents. Currently users are self-signing; I have tested using enterprise code signing certificates but would like to reduce the amount of user intervention by setting up auto-enrollment so that when users log into the domain they automatically obtain a code signing certificate for those purposes.

Thanks!
 
That's correct; unfortunately, as you can see from the snapshots in the article you posted, the auto-enrollment feature is supported for USER and COMPUTER certificates only. As my digging turned up answers, what I found was that code-signing certificates (as well as some other extended types of certificates) can only be configured for auto-enrollment if you are using XP clients and Windows 2003 Server ENTERPRISE EDITION. I, unluckily enough, run Win2K3 Standard servers as well as a mix of Win2K and XP clients.
 
Autoenrollment of ALL certs is only supported on the 2003 Enterprise SKU. It also requires XP clients.

What you are referring to is Automatic Certificate Request. This runs on all versions of 2000 and 2003 Server, and supports 2000 and XP clients.

Autoenrollment requires Version 2 certificate templates, which are only available on 2003 Ent and higher. Version 2 templates allow you to configure all properties of the template. Version 1 templates have very limited options, basically just a security ACL. You can look at the options available to Version 1 templates by going into the CA console, right-clicking on templates, then clicking manage. Then you can look at the properties of the templates listed there.
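The template check described in the last reply can also be done from PowerShell. This is an added example, not code from any poster in the thread: it reads each template's schema version, autoenrollment flag and Autoenroll ACEs from Active Directory, so you can see which templates (code signing in particular) are Version 2 and who is allowed to autoenroll. It assumes a domain-joined machine with read access to the Configuration partition; the variable names are illustrative.

```powershell
# Added example: list AD certificate templates with schema version, the
# autoenrollment flag, and which principals hold the Autoenroll right.
$CT_FLAG_AUTO_ENROLLMENT = 0x20                       # bit in msPKI-Enrollment-Flag
$OID_CODE_SIGNING        = '1.3.6.1.5.5.7.3.3'        # Code Signing EKU
$AUTOENROLL_RIGHT        = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'
$EXTENDED_RIGHT          = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Templates live in the forest-wide Configuration partition.
$configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$base     = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"

$searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
$searcher.Filter   = '(objectClass=pKICertificateTemplate)'
$searcher.PageSize = 200
'cn','pkiextendedkeyusage','mspki-template-schema-version','mspki-enrollment-flag' |
    ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }

$report = foreach ($r in $searcher.FindAll()) {
    $p = $r.Properties
    # Version 1 templates may lack the msPKI-* attributes entirely.
    $schema = if ($p['mspki-template-schema-version'].Count) { [int]$p['mspki-template-schema-version'][0] } else { 1 }
    $flags  = if ($p['mspki-enrollment-flag'].Count) { [int]$p['mspki-enrollment-flag'][0] } else { 0 }

    # Principals with an explicit Allow ACE for the Autoenroll extended right.
    # Full-control ACEs (empty ObjectType) are not expanded here.
    $who = $r.GetDirectoryEntry().psbase.ObjectSecurity.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.ActiveDirectoryRights -band $EXTENDED_RIGHT) -ne 0) -and
        $_.ObjectType -eq $AUTOENROLL_RIGHT
    } | ForEach-Object { $_.IdentityReference.Value }

    [pscustomobject]@{
        Template       = [string]$p['cn'][0]
        SchemaVersion  = $schema
        CodeSigning    = @($p['pkiextendedkeyusage']) -contains $OID_CODE_SIGNING
        AutoEnrollFlag = ($flags -band $CT_FLAG_AUTO_ENROLLMENT) -ne 0
        AutoEnrollACEs = ($who | Sort-Object -Unique) -join '; '
    }
}

# Code signing templates first, so broad Autoenroll grants on them stand out.
$report | Sort-Object @{ Expression = 'CodeSigning'; Descending = $true }, Template |
    Format-Table -AutoSize
```

A code signing template that shows SchemaVersion 1 cannot be autoenrolled as described above; one that shows Version 2 with a broad group in AutoEnrollACEs hands a signing key to every member of that group at logon, which is worth reviewing before rollout.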
 