Step 1c: Granting Certification Authority Permission to Revoke a Device Enrollment (Optional)

2/9/2009

The following procedure gives the domain certification authority permission to revoke a device enrollment from the company network. This step is optional unless you chose to install your System Center Mobile Device Manager certificate templates and MDM certificates manually. The /enabletemplates parameter automatically performs this procedure during the MDM Active Directory® configuration.

To grant certification authority permissions to revoke an enrollment

  1. In the certification authority, on the Administrative Tools menu, open the Certification Authority console.

  2. Right-click the name of your certification authority and then select Properties.

  3. On the Security tab, choose Add. In the Select User, Computer, or Group box, type SCMDMEnrollmentServers, choose Check Names, and then choose OK.

  4. Choose Issue and Manage Certificates and then select the Allow check box. Make sure that you clear all other check boxes, including the Request Certificates check box. Choose Apply.

  5. On the Certificate Managers Restrictions tab, choose Restrict certificate managers, and then in the Available certificate managers list, select SCMDMEnrollmentServers, which you previously added.

  6. In the Groups, users, or computers to manage list, select Everyone, and then choose Remove.

  7. Choose Add, and then in the Select User, Computer, or Group box, type SCMDMEnrolledDevices.

  8. Choose OK two times to close the dialog box.
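The end state of steps 3 through 7 can be checked as a least-privilege audit. The following is an added example, not part of the original procedure or of MDM: it assumes the CA's access control entries and certificate manager restrictions have already been exported into the simple structures shown (a hypothetical data model; the export itself is not shown), and the sample values are constructed. The access-mask bits are the CA rights defined in the Windows SDK header certsrv.h.

```python
# Access-mask bits for a CA security descriptor (Windows SDK, certsrv.h),
# mapped to the check-box names on the CA Properties > Security tab.
RIGHTS = {
    0x001: "Manage CA",
    0x002: "Issue and Manage Certificates",
    0x100: "Read",
    0x200: "Request Certificates",
}
OFFICER = 0x002
SERVERS = "scmdmenrollmentservers"
DEVICES = "scmdmenrolleddevices"

def short(name):
    """Drop a DOMAIN\\ prefix and normalise case."""
    return name.rsplit("\\", 1)[-1].lower()

def audit(ca_aces, manager_restrictions):
    """ca_aces: (principal, allow_mask) pairs; manager_restrictions maps each
    restricted certificate manager to the groups it may manage (hypothetical
    data model). Returns a list of findings, empty when the CA matches."""
    findings = []
    mask = 0
    for principal, allow_mask in ca_aces:
        if short(principal) == SERVERS:
            mask |= allow_mask
    if not mask & OFFICER:
        findings.append("missing: Issue and Manage Certificates")
    extra, bit = mask & ~OFFICER, 1
    while extra:  # report every right beyond the one the procedure grants
        if extra & bit:
            findings.append("extra right: " + RIGHTS.get(bit, hex(bit)))
            extra &= ~bit
        bit <<= 1
    scope = None
    for manager, subjects in manager_restrictions.items():
        if short(manager) == SERVERS:
            scope = {short(s) for s in subjects}
    if scope is None:
        findings.append("no certificate manager restriction for group")
    elif scope != {DEVICES}:
        findings.append("manager scope is not limited to SCMDMEnrolledDevices: "
                        + ", ".join(sorted(scope)))
    return findings

# Constructed sample inputs (not taken from a real CA).
GOOD_ACES = [("CONTOSO\\SCMDMEnrollmentServers", 0x002),
             ("BUILTIN\\Administrators", 0x003)]
GOOD_SCOPE = {"CONTOSO\\SCMDMEnrollmentServers": ["CONTOSO\\SCMDMEnrolledDevices"]}
BAD_ACES = [("CONTOSO\\SCMDMEnrollmentServers", 0x202)]
BAD_SCOPE = {"CONTOSO\\SCMDMEnrollmentServers": ["Everyone"]}
```

An empty list from `audit` means the group holds only Issue and Manage Certificates and can act only on SCMDMEnrolledDevices; the second sample pair models steps 4 and 6 being skipped.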