@Miguel, look at figure 26 again, there is a "require the following for reenrollment". There are two radio buttons. If you select "valid existing certificate", then:
This configuration is best for manual initial certificate provisioning and automatic certificate renewal during certificate lifecycle.
> Basically an autoenrollment policy with no templates that have autoenroll permission will have no effect, correct?
Yes, it is correct. Certificate autoenrollment requires both, configured policy AND available templates with autoenroll permissions. If any is missing, the policy will have no effect.
Hi Vadims, my question is about your self RA example above (figure 26): If I have issued a smart card certificate using an enrollment station (using a template requiring one authorized signature, application policy = certificate request agent), in order to have this certificate automatically renewed, do I need to supersede the corresponding template with another that also requires one authorized signature and has application policy = smart card logon? Is this the best/only way to get automatic renewal in this case?
Hi Vadims, just to confirm I'm understanding correctly: If I have no certificate templates with autoenroll permission for a user, and I also have an enabled autoenrollment policy in the domain that has the "Update certificates that use certificate templates" option checked, then the user will not be prompted for autoenrollment, is this correct?
Basically an autoenrollment policy with no templates that have autoenroll permission will have no effect, correct?
Reviving this 3-year-old discussion. AppLocker is supported on Windows 10 since September 2017.