Microsoft KB Archive/313274


PSS ID Number: 313274

Article Last Modified on 1/7/2004



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server



This article was previously published under Q313274

SUMMARY

This step-by-step article describes how to configure a Certification Authority to issue smart card certificates.

You can configure a Windows 2000-based or Microsoft Windows XP-based computer to require the use of a smart card to log on to either a computer or a domain. To use a smart card, a domain user must have a smart card certificate, and you must prepare a Certification Authority (CA) to issue smart card certificates before the CA can issue them.

The CA must have both the Smart Card Logon and Enrollment Agent certificate templates installed. If you want the CA to issue smart card certificates that can be used for secure e-mail messages, you must also install the Smart Card User certificate template.


To Configure an Enterprise CA to Issue Smart Card Certificates

  1. Log on to an enterprise CA with a domain administrator account.
  2. Click Start, point to Programs, point to Administrative Tools, and then click Certification Authority.
  3. In the Certification Authority console, expand your domain name, right-click the Policy Settings node, point to New, and then click Certificate to Issue.
  4. In the Select Certificate Template dialog box, click Smart card logon, and then click OK.
  5. Right-click Policy Settings, point to New, and then click Certificate to Issue.
  6. In the Select Certificate Template dialog box, click Enrollment Agent, and then click OK.
  7. Right-click Policy Settings, point to New, and then click Certificate to Issue.
  8. In the Select Certificate Template dialog box, click Smart Card User, and then click OK.

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

  • 313557 HOW TO: Install a Smart Card Reader
  • 228831 Cannot Overwrite Smart Card Key in Certificate Services Setup
  • 231881 How to Install/Uninstall a Public Key Certificate Authority for Windows 2000
  • 281245 Guidelines for Enabling Smart Card Logon with Third-Party Certification Authorities



To Set Security Permissions


The security permissions for a certificate template indicate who is allowed to request a certificate of that type. You can view and modify these security permissions in the Active Directory Sites and Services console.

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
  2. In the Active Directory Sites and Services console, expand the Services node, and then expand the Public Key Services node.
  3. Click Certificate Templates.
  4. Double-click the SmartcardLogon certificate template, and then click the Security tab. Note the security settings for authenticated users, domain administrators, and enterprise administrators. You can add users or groups if necessary.

NOTE: It is not necessary to issue the Enrollment Agent certificate from the same CA that issues certificates for smart cards. The CA that issues Enrollment Agent certificates need only be trusted by the enterprise CA.

