Smart card issuer
I am trying to enable my help desk group to issue smart cards. I have their requester certs installed, given template permissions on the certcrv, now it errors can't access AD. How can I give them enough permissions to do this without opening up the farm (as in domai admin access)? Craig
August 31st, 2011 5:12pm

You should learn more about smart card deployment: http://www.microsoft.com/technet/technetmag/issues/2005/01/SmartCards/default.aspxMy weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2011 6:31pm

sorry for short explaination-that is a basic article. Have had smart cards deployed for 3 years. I had by regulation to remove the help desk people from domain admin group. Would like to delegate enroll users to them in case I am not here. We have a 2008 CA and Shlumburg cards on a WIN2000 enrollemnt station trrough a WIN 2003 server IIS. I made a few changes by adding the help desk group to the AD template, and to the CA security for smart card user template I get unexpected error 0x80010117 from IE after user enters their new PIN and CSP is programming card.
August 31st, 2011 9:47pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics