What should you include in the recommendation?

Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise certification authority (CA).
You plan to delegate certificate enrollment for Smartcard Logon certificates to a user named
User1. User1 is the member of a group named CONTOSO\DelegatedAdmins.

You need to recommend a solution to provide User1 with the ability to enroll for Smartcard
Logon certificates on behalf of other domain users.
What should you include in the recommendation?

Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise certification authority (CA).
You plan to delegate certificate enrollment for Smartcard Logon certificates to a user named
User1. User1 is the member of a group named CONTOSO\DelegatedAdmins.

You need to recommend a solution to provide User1 with the ability to enroll for Smartcard
Logon certificates on behalf of other domain users.
What should you include in the recommendation?

A.
Duplicate the Smartcard Logon certificate template. Modify the Extensions settings and
the Request Handling settings of the new template.
B.Modify the Issuance Requirements settings and the Security settings of the Smartcard
Logon certificate template.
C.Modify the Extensions settings and the Request Handling settings of the Smartcard Logon
certificate template.
D.Duplicate the Smartcard Logon certificate template. Modify the Issuance Requirements
settings and the Security settings of the new template.



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Gavin

Gavin

Answer is: D

http://secadmins.com/index.php/enroll-for-a-smart-card-certificate-on-behalf-of-other-users/

1. Open the Certificate Template Management console
2. Right click the Smartcard User or Smartcard Logon template and choose Duplicate Template
Note: If you are using a Windows 2008 CA or above you will be prompted to select the minimum CA for your new template. Select the 2003 Enterprise option.
3. Provide a name for the smart card template and set the validity period that you desire for the environment
4. On Request Handling tab, do the following
Select Signature and smartcard logon under Purpose
Under CSPs, select the CSP that should be used for your smart cards
5. On Issuance Requirements tab, do the following
Select The number of authorized signatures: and set it to 1
Under Policy type required in signature, select Application Policy
Under Application Policy select Certificate request Agent
6. On the Security tab, make sure the user or group that is designated as enrollment agent has Read and Enroll permissions on the template
7. Click Apply and then OK.
8. Close Certificate Templates console
9. In the Certificate Authority snap-in, right click Certificate Templates folder and select New
10. Select “Certificate Template to Issue”
11. Select the new template and click Ok