...
Type "certsrv.msc" and press Enter .to launch the Certification Authority manager
Double-click the name of your server, e.g. "la-DC101-CA" to expand it
...
Find and select the newly created enrolment template, e.g. "PIV Smartcard Enrolment Template for Agent". and then click OK
3.3
...
Add the enrolment template to the Agent's account
Login the
...
agent's account
Right-click the Windows Start button and select Run.
Type "certmgr.msc" and press Enter to launch the Certificate Manager
Click on "Certificate \ Personal" to expand it
Right click "Certificates \ Personal \ Certificates"
Select "All Tasks \ Request New Certificate…"
Click "Next"
Click "Next"
Select the newly created enrolment template, e.g.
- Click 'next'
...
- Make sure your AD Enrollment Policy, click 'next'
...
'PIV Smartcard Enrolment Template for Agents', and click 'Enroll'
...
Click "Finish"
3.4
...
Create a Certificate Logon Template for target users by Agents
- In order to be able to issue a smart card certificate on behalf of another user, the Smart Card User or Logon template needs to be adjusted to require the Enrolment Agent certificate for enrolment.
- Duplicate and configure a Smart Card User or Logon template.
...