Once a certificate template is added to a CA is there a way to limit the methods that can be used for enrollement in that certificate? Example: Certificate can only be enrolled via WebEnrollment and NOT Certificate Enrollment Wizard or vice verse. Thanks, Paul

It is not possible for the CA to distinguish among the different enrollment methods unless you implement some other layer of control often referenced to as a Registration Authority. This can be done either using 3rd party policy modules, IP restrictions or requiring additional signatures in a co-signing/enrollment agent scenario. Forefront Identity Management Certificate Manager, FIM CM, is a good example of RA that can control all certificate request/issuance through a web interface and a set of policies. /Hasain