Generally the problem and theoretical solution are answered in this thread http://social.technet.microsoft.com/forums/en-us/winserversecurity/thread/F1593BD0-1476-4772-AA5E-1C0ECA65F0A0
The problem is that it does not work /:
environment:
w2k8 R2 ent, template with manager approval and without 'publish in AD' [but I've tested with publish as well], client on w7.
scenario:
User requests the certificate, it appears in 'pending requests', manager approves the cert, it appears in issued certificates. On the client machine in 'Certificate enrollment requests' I may find the request.
Problem: how may the user finish the request without additional cert manager action?
I know that if the cert manager exports the certificate and sends it to the user, (s)he may install it and it works. But it requires an additional communication channel - and most important - additional information about the user - phone, email or such. If the certificate template does not have email included, the scenario for the administrator is getting hard:
- check user name
- find the user in AD
- check email/phone or some other contact
- contact user
- send certificate to the user with instructions
- user may install certificate
-o((: nExoR :))o-
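The client-side retrieval step the post is asking about, shown as an added example that is not part of the original post: it uses the certreq and certutil tools that ship with Windows 7 to pull the manager-approved certificate from the CA and bind it to the pending request, with no export by the cert manager. The CA configuration string, the request ID and the output path are placeholders (assumptions); the request ID is the one the CA assigned when the request was submitted.

```powershell
# Added example (not from the forum post): finish a manager-approved request
# from the client with the built-in certreq.exe / certutil.exe tools.
# ASSUMPTIONS (placeholders, replace with real values):
#   $CaConfig  - "CAHostName\CA Common Name" of the issuing CA
#   $RequestId - the Request ID the CA assigned to this request
#   $CertFile  - where the retrieved certificate is written
param(
    [string]$CaConfig = 'ca01.example.local\Example Issuing CA',   # placeholder
    [int]$RequestId   = 42,                                        # placeholder
    [string]$CertFile = "$env:TEMP\request-$RequestId.cer"
)

# 1. Show what is still waiting in the current user's
#    'Certificate Enrollment Requests' store (certutil store name: REQUEST).
certutil -user -store REQUEST

# 2. Ask the CA for the certificate issued for this request ID.
#    While the request is still pending certreq reports that and writes
#    no file; once the manager has issued it, the cert lands in $CertFile.
certreq -user -retrieve -config $CaConfig $RequestId $CertFile
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $CertFile)) {
    Write-Warning "Request $RequestId is not issued yet or could not be retrieved (exit code $LASTEXITCODE)."
    return
}

# 3. Install the issued certificate: certreq matches it with the private key
#    held in the REQUEST store and moves it to the user's Personal (MY) store.
certreq -user -accept $CertFile
if ($LASTEXITCODE -ne 0) {
    Write-Warning "certreq -accept failed with exit code $LASTEXITCODE."
    return
}

# 4. Verify: the certificate should now be in Personal with its private key.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey } |
    Select-Object Subject, NotAfter, Thumbprint
```

Run it as the user who made the original request, because the private key generated for the request lives in that user's REQUEST store; if step 3 is run under a different account there is no key to bind and certreq -accept fails. Step 2 is harmless to repeat, so the user can simply re-run the script after the manager has approved the request.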