Microsoft NDES - Identity User account configuration

While configuring Microsoft NDES, you would need to choose an account for impersonation(under which SCEP ISAPI runs). Below steps should help you do that.

Standalone CA

1. Open Certification Authority, go to Action, Click Properties

 

2. Security Tab, in Groups or user names, click Add.

3. Once added, Check 'Manage CA'

Enterprise CA(by default Domain Admins have default permissions)

1

1.     Create a user in DC, need not to be part of any administrator group.

2.     Go to CA Server, type ‘certtmpl.msc’. This will open certificate template window.

3.      For all marked templates (IPSec (Offline request), CEP Encryption, Exchange Enrollment Agent (Offline request)), given ‘Enroll’ permission for the added user.

4.      Double click each template, Security tab, add User and check ‘Enroll’