I want to achieve an enrollment station such that only from this station will I be able to enroll smart cards, and only an authorized user will be able to.
My thought is this:
1) Create an enrollment agent template with a special application policy.
2) For the smart card template, I configured an issuance policy that requires the application policy I configured in step 1.
Here it started confusing me: I need to issue the enrollment agent certificate to a user and not the machine, so I will have one of these options:
a) Issue the enrollment agent certificate on the token.
b) Issue the enrollment agent certificate to the local user store on the relevant station.
Option a will allow the user to issue certificates from any computer.
Option b is problematic because I might have multiple certificates for a user, one for each station, and I am not very sure how much I can trust the Windows local store for guarding the private key.
How can I make this requirement a reality?
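As an added example that is not part of the original post: a PowerShell audit of the two-template design described above. It reads both template objects straight from the Configuration partition and confirms that the smart card template's issuance requirements (msPKI-RA-Signature plus msPKI-RA-Application-Policies) actually point at an application policy the enrollment agent template issues, and that the agent template still carries the Certificate Request Agent policy the CA expects on enroll-on-behalf-of signatures. The template names are assumptions; the handling of the backtick-delimited name/type/value encoding that schema v3+ templates use for msPKI-RA-Application-Policies is also an assumption about that format. Only the template-to-template binding is checked; nothing here restricts which station the agent certificate is used from.

```powershell
# Added audit script, not from the original post. Template names below are assumed.
#Requires -Modules ActiveDirectory
param(
    [string]$AgentTemplate     = 'StationEnrollmentAgent',   # assumed template CN
    [string]$SmartCardTemplate = 'StationSmartCardLogon'     # assumed template CN
)

# Well-known application policy the CA expects on an enrollment agent's signing cert.
$CertRequestAgentEku = '1.3.6.1.4.1.311.20.2.1'

$templateBase = "CN=Certificate Templates,CN=Public Key Services,CN=Services," +
                (Get-ADRootDSE).configurationNamingContext
$props = @(
    'msPKI-Certificate-Application-Policy'
    'msPKI-RA-Signature'
    'msPKI-RA-Application-Policies'
    'msPKI-RA-Policies'
    'msPKI-Template-Schema-Version'
)

function Get-Template([string]$Name) {
    $t = Get-ADObject -SearchBase $templateBase `
                      -LDAPFilter "(&(objectClass=pKICertificateTemplate)(cn=$Name))" `
                      -Properties $props
    if (-not $t) { throw "Template '$Name' not found under $templateBase" }
    return $t
}

# On v1/v2 templates msPKI-RA-Application-Policies is a plain list of OIDs.
# On schema v3+ templates it is (assumed here) a backtick-delimited name`type`value
# list, e.g. "msPKI-RA-Application-Policies`PZPWSTR`1.2.3.4,5.6.7.8`msPKI-Asymmetric-Algorithm`PZPWSTR`RSA".
function Get-RequiredRaApplicationPolicies($Template) {
    $oids = @()
    foreach ($v in (@($Template.'msPKI-RA-Application-Policies') | Where-Object { $_ })) {
        if ($v -notmatch '`') { $oids += $v; continue }
        $parts = $v -split '`'
        for ($i = 0; $i + 2 -lt $parts.Count; $i += 3) {
            if ($parts[$i] -eq 'msPKI-RA-Application-Policies') {
                $oids += ($parts[$i + 2] -split ',') | Where-Object { $_ }
            }
        }
    }
    return $oids | Sort-Object -Unique
}

$agent = Get-Template $AgentTemplate
$card  = Get-Template $SmartCardTemplate

$agentPolicies  = @($agent.'msPKI-Certificate-Application-Policy') | Where-Object { $_ }
$customPolicies = $agentPolicies | Where-Object { $_ -ne $CertRequestAgentEku }
$requiredRa     = Get-RequiredRaApplicationPolicies $card

$findings = @()
if ($agentPolicies -notcontains $CertRequestAgentEku) {
    $findings += "'$AgentTemplate' lacks Certificate Request Agent ($CertRequestAgentEku); its signature will not be accepted on enroll-on-behalf-of requests."
}
if (-not $customPolicies) {
    $findings += "'$AgentTemplate' carries no custom application policy, so nothing distinguishes it from the built-in Enrollment Agent template."
}
if ([int]$card.'msPKI-RA-Signature' -lt 1) {
    $findings += "'$SmartCardTemplate' requires no authorized signature (msPKI-RA-Signature = 0); anyone with Enroll rights can request it directly."
}
if (-not $requiredRa) {
    $findings += "'$SmartCardTemplate' requires no application policy in the signing certificate; any Certificate Request Agent could sign for it."
}
$missing = $requiredRa | Where-Object { $agentPolicies -notcontains $_ }
if ($missing) {
    $findings += "'$SmartCardTemplate' requires policy OID(s) $($missing -join ', ') that '$AgentTemplate' does not issue; enrollment through this agent would fail."
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output ("OK: '{0}' requires a signature carrying policy {1}, which '{2}' issues (schema v{3} / v{4})." -f `
        $SmartCardTemplate, ($requiredRa -join ', '), $AgentTemplate,
        $card.'msPKI-Template-Schema-Version', $agent.'msPKI-Template-Schema-Version')
}
```

Run it from a domain-joined box with the RSAT ActiveDirectory module; every warning is a gap in the binding between the two templates, and a clean "OK" only means the template side of the design holds together, not that the agent certificate is tied to a particular station.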