We have 2 terminal servers in our team, which are members of a domain. I am just the admin of these 2 servers, but not the domain admin.
Our company uses smartcards for login and mail en- /decryption and so I wanted to implement the usage of this feature on the 2 terminal servers.
I installed the correct smartcard driver and the card is recognized by the system and I'm able to see the certificates on the smartcard. The GPO "Certificate Service Client - Auto Enrollment" is enabled in Computer Configuration also in User Configuration.
To use the features of the smartcard, it's nessessary that the certificates will automatically import into the users own certificate store. I know that this is done by the service certpropsvc, but it only works, if I'm logged in as administrator.
If an end user logging in, nothing happens. There is no certificate import and so the end user can't encrypt mail for example.
The logs of task scheduler shows that something is done for the end user, but no certificate import takes place.
Is there any limitation or a GPO which additionally needs to be enabled?