Step 1c: Granting Certification Authority Permission to Revoke a Device Enrollment (Optional)

10/3/2008

The following procedure gives the domain certification authority permission to revoke a device enrollment from the company network. This step is optional unless you have chosen to install your System Center Mobile Device Manager (MDM) certificate templates and MDM certificates manually. The /enabletemplates parameter automatically performs this procedure during the MDM Active Directory® configuration.

To grant certification authority permissions to revoke an enrollment

  1. In the certification authority, on the Administrative Tools menu, open the Certification Authority console.

  2. Right-click the name of your certification authority and then select Properties.

  3. On the Security tab, choose Add. In the Select User, Computer, or Group box, type SCMDM2008EnrollmentServers, choose Check Names, and then choose OK.

  4. Choose Issue and Manage Certificates and then select the Set to Allow check box. Make sure that you clear all other check boxes, including the Request Certificates check box. Choose Apply.

  5. On the Certificate Managers Restrictions tab, choose Restrict certificate managers, and then, in the Available certificate managers list, select SCMDM2008EnrollmentServers, which you previously added.

  6. In the Groups, users, or computers to manage list, select Everyone, and then choose Remove.

  7. Choose Add and then in the Select User, Computer, or Group box, type SCMDM2008EnrolledDevices.

  8. Choose OK two times to close the dialog box.
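
To confirm the result of step 4 after the dialog boxes are closed, the following added example (not part of the original procedure) checks that SCMDM2008EnrollmentServers holds only the certificate manager right on the CA and not the request right. It assumes that `certutil -getreg CA\Security` prints one tab-separated ACE per line and labels Issue and Manage Certificates as "Certificate Manager" and Request Certificates as "Enroll"; the function name, the CONTOSO domain and the sample lines are constructed for illustration.

```powershell
# Added example, not from the original page. Assumed certutil line format:
#   Allow|Deny <TAB> right [<TAB> right ...] <TAB> DOMAIN\account
function Test-CaGroupRights {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [string]$Group    = 'SCMDM2008EnrollmentServers',
        [string[]]$Wanted = @('Certificate Manager')   # assumed label for Issue and Manage Certificates
    )
    $allowed = @()
    foreach ($line in $Lines) {
        # Split the ACE into fields; skip headers and anything that is not an ACE line.
        $f = @($line.Trim() -split "`t+" | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        if ($f.Count -lt 3 -or $f[0] -notin 'Allow', 'Deny') { continue }
        # The last field is the account; compare only the name after the domain prefix.
        if ((($f[-1]) -split '\\')[-1] -ne $Group) { continue }
        if ($f[0] -eq 'Allow') { $allowed += $f[1..($f.Count - 2)] }
    }
    $allowed = @($allowed | Sort-Object -Unique)
    [pscustomobject]@{
        Group   = $Group
        Allowed = $allowed
        Missing = @($Wanted  | Where-Object { $_ -notin $allowed })   # step 4 not applied
        Extra   = @($allowed | Where-Object { $_ -notin $Wanted })    # rights that should be cleared
    }
}

# Constructed sample output (CONTOSO is a placeholder domain). On the CA, use instead:
#   $lines = certutil -getreg CA\Security
$lines = @(
    "    Allow`tCA Administrator`tCertificate Manager`tBUILTIN\Administrators",
    "    Allow`tEnroll`tNT AUTHORITY\Authenticated Users",
    "    Allow`tCertificate Manager`tCONTOSO\SCMDM2008EnrollmentServers"
)

$r = Test-CaGroupRights -Lines $lines
if ($r.Missing.Count -or $r.Extra.Count) {
    Write-Warning ("{0}: missing [{1}], extra [{2}]" -f $r.Group, ($r.Missing -join ', '), ($r.Extra -join ', '))
} else {
    "{0} holds only: {1}" -f $r.Group, ($r.Allowed -join ', ')
}
```

The check covers only the Security tab; the certificate manager restriction from steps 5 through 7 still has to be confirmed in the console.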