I'm working on configuring auto-renewal of the Smard Card certificates (Windows 2008 Enterprise sub-CA). As the process involves modifying the certificate template (the permissions at least), I'm concerned that this would force all the already issued certificates to be re-enrolled as soon as users log off and on again or after the 8 hour time of the auto-enrollment pulse. Is is a valid concern.
I guess a more general question would be: are there changes to the certificate template that would force a re-enroll and changes that would not.
Thank you for your help in advance.
Jamal