Certificate Handling

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I realised that Windows 2000 Server's Standalone CA Server, I can "set the
certificate request status to pending" option so that administrator have
total control towards any new certficiate requested by clients on the web.
But I am already running Windows 2000 Enterprise CA server, is there a trick
to enable this option. As you knew, by default, this option is greyed. Thanks
heaps.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

In Windows 2000 Enterprise CA you can use permissions and group membership
to prevent users from requesting any certificates. If you give users
permission to Enroll to specific template you expressed your trust in users
and additional pending status should not be necessary.

Among other groups you can use e.g. "Authenticated users group" or "Domain
Users group" etc...

I know this is not direct answer to your question. Still I hope this helps,

Mike

"seeker01" <seeker01@discussions.microsoft.com> wrote in message
news:305DF28C-A4A6-459F-8606-E4FB9220E97D@microsoft.com...
> I realised that Windows 2000 Server's Standalone CA Server, I can "set the
> certificate request status to pending" option so that administrator have
> total control towards any new certficiate requested by clients on the web.
> But I am already running Windows 2000 Enterprise CA server, is there a
trick
> to enable this option. As you knew, by default, this option is greyed.
Thanks
> heaps.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks Miha, appreciate your advice. I am actually hoping I can modify the
registry settings to enable the option, simply because we produce to many
external (non-trusted) users. But more importantly, this way administrator
can have a better control.

"Miha Pihler" wrote:

> Hi,
>
> In Windows 2000 Enterprise CA you can use permissions and group membership
> to prevent users from requesting any certificates. If you give users
> permission to Enroll to specific template you expressed your trust in users
> and additional pending status should not be necessary.
>
> Among other groups you can use e.g. "Authenticated users group" or "Domain
> Users group" etc...
>
> I know this is not direct answer to your question. Still I hope this helps,
>
> Mike
>
> "seeker01" <seeker01@discussions.microsoft.com> wrote in message
> news:305DF28C-A4A6-459F-8606-E4FB9220E97D@microsoft.com...
> > I realised that Windows 2000 Server's Standalone CA Server, I can "set the
> > certificate request status to pending" option so that administrator have
> > total control towards any new certficiate requested by clients on the web.
> > But I am already running Windows 2000 Enterprise CA server, is there a
> trick
> > to enable this option. As you knew, by default, this option is greyed.
> Thanks
> > heaps.
>
>
>