Smart card issuer
I am trying to enable my help desk group to issue smart cards. I have their requester certs installed, given template permissions on the certcrv, now it errors can't access AD.
How can I give them enough permissions to do this without opening up the farm (as in domai admin access)?
Craig
August 31st, 2011 5:12pm
You should learn more about smart card deployment:
http://www.microsoft.com/technet/technetmag/issues/2005/01/SmartCards/default.aspxMy weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2011 6:31pm
sorry for short explaination-that is a basic article. Have had smart cards deployed for 3 years. I had by regulation to remove the help desk people from domain admin group.
Would like to delegate enroll users to them in case I am not here. We have a 2008 CA and Shlumburg cards on a WIN2000 enrollemnt station trrough a WIN 2003 server IIS. I made a few changes by adding the help desk group to the AD template, and to the
CA security for smart card user template
I get unexpected error 0x80010117 from IE after user enters their new PIN and CSP is programming card.
August 31st, 2011 9:47pm