I have FIM deployed in a centralized way . Only the FIM IT Guys can issue smart cards . Can i have FIM to only send email to the Subject of the smart card before their smart card certificates get expired saying ( Hey , your smart card certificates will expire in 2 weeks , please notify the FIM IT Guys ) ? I just want FIM to send email notification , and not initiate any actions .Is this applicable ?ammarhasayen

In my (young) expirience - no way "out of the box". Only trigger for email is the OTS delivery. br libbe

You would need to do custom programming using the Notification API. http://msdn.microsoft.com/en-us/library/bb468083.aspx As mentioned earlier, you could use the Renew workflow (or the Online Update with some modifications) to initiate a Renew request when the certificate enters its expiration interval (based on the certificate template). The issue is that you have now initiated a request. You could have two One -time secrets, with the two secretes sent to a manager and just the email you desire to the subscriber though Brian

im not that good in scripting :( , does any one have the same need that i have , and is good in scripting and help me in this . It is very important for us. If no one could help , then i fail back to renew request initiation. I guess the Clmwebpool should have CLM Request Enroll on the SCP and FIM Scubsriber ? anything else ?ammarhasayen

Actually, the account that runs the FIM CM Update service will need FIM CM Request Enroll permissions on the FIM CM SCP and all subcribers. In additino, the FIM CM Request Renew is needed on the SCP and the FIM Subscriber. Depending on your workflow, it may also need CLM Request Revoke (if your renew workflow revokes the old certificate) Brian

what about permissions on the profile template containers and profile templates themselves ? . I guess the service account doesnt need any permissions on the certificate templates as they will not be the identity which do the actual enrollment .Right?ammarhasayen

WHat permissions have you tried? The Subscriber will require Read and FIM CM Enroll permissions on the profile template The manager will require Read and FIM CM Enroll permissions if the manager initiates enrollment for any workflows (like your renew workflow) The service will only need Read, as it never executes the enrollment action Brian