Enrollment Agents
Restricted enrollment agents are users who are able to enroll for a certificate on behalf of another client . Restricted enrollment agents often enroll smart card certificates for other users. For example, staff in the HR department might be designated enrollment agents because they need to issue smart cards as part of the process of preparing all the resources a new employee needs to start work. Enrollment agents can perform only enrollment tasks; they cannot approve pending requests or revoke existing certificates. This means an enrollment agent can be a normal user account, and you do not have to assign one of the Certificate Services roles
To prepare a user to function as a restricted enrollment agent, issue that user an enrollment agent certificate. Two types of enrollment agent template are available on Windows Server 2008 CAs, one for computer certificates and one for user certificates . Configure enrollment agents for specific certificate templates on the Enrollment Agents tab of the CA properties. Figure 7-27 shows that the Sam Abolrous user account is an enrollment agent for the Smartcard User certificate template .
- FIGURE 7-27 Configuring enrollment agents .
Average user rating: 5 stars out of 1 votes
Related posts
- Configuring the CA for OCSP Response Signing Certificates Active Directory Planning Windows Server 2008
- Editing RDPTcp Connection Settings Learning Windows Server 2008
-
Using AD LDS Tools Learning Windows Server 2008
- Understanding AD LDS and its Relationship with AD DS Learning Windows Server 2008
- Offline Root CA Learning Windows Server 2008
Post a comment