Your network contains servers that run Windows Server 2008 R2 and client computers that run
Windows 7. You deploy a public key infrastructure by using Certificate Services servers that run
Windows Server 2008 R2. You need to plan the implementation of smart card authentication on the
network. The solution must meet the following requirements:
Help desk users must only be able to enroll user certificates.
Managers must be able to enroll smart cards for other employees.
Managers must be able to use their client computers to manage certificates.
What should you include in your plan?
A. Enable Web enrollment
B. Configure Restricted Enrollment Agents
C. Upgrade all certificates to V3 templates
D. Configure Restricted Certificate Managers
Explanation:
To let managers use their client computers to manage certificates and enroll smart cards for
other employees, you need to use restricted enrollment agents. The restricted enrollment agent
feature limits the permissions that users designated as enrollment agents have for enrolling
smart card certificates on behalf of other users. Enrollment agents are one or more authorized
individuals within an organization. An enrollment agent must be issued an enrollment agent
certificate, which enables the agent to enroll for smart card certificates on behalf of users.
AD CS: Restricted Enrollment Agent
http://technet2.microsoft.com/windowsserver2008/en/library/56d66319-2e49-447b-92a3-1ca2a674fb8d1033.mspx?mfr=true