Configuring a Smart Card Enrollment Station

In this exercise, you will request a smart card enrollment certificate and configure a smart card enrollment station.

Instructions

Ensure the 2823_DC1 and 2823_Client1 virtual machines are started.

Perform tasks from the 2823_Client1 virtual machine as the user Don Hall unless otherwise directed. Don Hall's username is [email protected] and his password is [email protected]. Don Hall does not have any administrative rights. Perform all administrative tasks by using the RUNAS command or the secondary logon service. When performing administrative tasks, use the username [email protected] and the password [email protected].

Scenario

Don Hall will be using a workstation running Windows XP Professional as an enrollment station when issuing smart cards to users. You will configure a smart card enrollment station by configuring Internet Explorer and the group membership on the workstation, and by enrolling for a smart card enrollment certificate.

Tasks

Detailed steps

1. Configure Group Policy settings and Active Directory for a smart card enrollment station.

a. Open Group Policy Management Console.

b. Create a new top-level organizational unit named Smart Card Enrollment Stations.

c. Create a new Group Policy object named Smart Card Enrollment Stations and link it to the Smart Card Enrollment Stations OU.

d. Edit the Smart Card Enrollment Stations policy, making the following changes:

• Enable loopback processing in Replace mode. The setting can be found under the Computer Configuration/Administrative Templates/System/Group Policy node.

• Configure an Internet Explorer security policy that adds http://dc1 to the trusted sites zone. The settings can be found under the User Configuration/Windows Settings/Internet Explorer Maintenance/Security node.

• Create a restricted groups policy to add the Smart Card Enrollment Agents group to the Administrators group. The settings can be found under the Computer Configuration/Windows Settings/Security Settings node.

e. Open Active Directory Users and Computers.

f. Move the Client1 computer object from the Computers container to the Smart Card Enrollment Stations OU.

g. Close all administrative tools and restart the 2823_Client1 virtual machine.

h. Log on to the 2823_Client1 virtual machine as Don Hall, using the user name [email protected] and the password [email protected].

i. Log off from the 2823_Client1 virtual machine to ensure Group Policy settings are enforced.

2. Enroll Don Hall for a Smart Card Enrollment certificate.

a. Log on to the 2823_Client1 virtual machine as Don Hall.

b. Open Internet Explorer and navigate to http://dc1/certsrv.

c. Request a new Smart Card Enrollment Certificate.

3. Issue the Smart Card Enrollment Certificate.

a. Open Public Key Management.

b. Issue the pending Smart Card Enrollment Certificate.

4. Retrieve the pending certificate request and install the Smart Card Enrollment certificate.

a. Open Internet Explorer and navigate to http://dc1/certsrv.

b. Install the issued certificate.
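
The following batch file is an added example, not part of the original exercise. It checks from a command prompt on the enrollment station that the settings from task 1 actually took effect for the logged-on user. The registry locations are the ones Windows and Internet Explorer normally use for these settings and are assumptions here, as is running gpresult without switches (Windows XP behavior).

```bat
@echo off
rem Added example: verifies the task 1 settings on the enrollment station.
rem Run as the logged-on user after Group Policy has been applied.
rem Registry paths below are assumed standard locations, not taken from the lab.
setlocal
set FAIL=0

rem 1. Loopback processing: UserPolicyMode 0x2 = Replace, 0x1 = Merge.
reg query "HKLM\Software\Policies\Microsoft\Windows\System" /v UserPolicyMode 2>nul | find "0x2" >nul
if errorlevel 1 (
    echo FAIL: loopback processing is not set to Replace
    set FAIL=1
) else (
    echo OK:   loopback processing is set to Replace
)

rem 2. Trusted sites: zone 2 is Trusted sites; expect an http entry for dc1.
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dc1" /v http 2>nul | find "0x2" >nul
if errorlevel 1 (
    echo FAIL: http://dc1 is not in the trusted sites zone for this user
    set FAIL=1
) else (
    echo OK:   http://dc1 is in the trusted sites zone
)

rem 3. Restricted Groups: the enrollment agents group must be a local administrator.
net localgroup Administrators | find /i "Smart Card Enrollment Agents" >nul
if errorlevel 1 (
    echo FAIL: Smart Card Enrollment Agents is not in the local Administrators group
    set FAIL=1
) else (
    echo OK:   Smart Card Enrollment Agents is in the local Administrators group
)

rem 4. The GPO linked to the OU must appear in the applied policy list.
gpresult 2>nul | find /i "Smart Card Enrollment Stations" >nul
if errorlevel 1 (
    echo FAIL: the Smart Card Enrollment Stations GPO is not listed by gpresult
    set FAIL=1
) else (
    echo OK:   the Smart Card Enrollment Stations GPO is listed by gpresult
)

exit /b %FAIL%
```

Running the same file on a workstation outside the Smart Card Enrollment Stations OU should report failures for checks 1, 3 and 4, which confirms that the administrative group membership is limited to the enrollment station.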

Responses

  • anthony
    How to configure smart card certificate in windows 2012?
    7 years ago
  • cipriano
    What is smart card enrollment station?
    7 years ago
  • KEDIJA
    How to create station in windows server 2003?
    7 years ago
  • severino
    How to enable smart card enrollment?
    2 years ago
