11/11/2008

The following procedure gives the domain certification authority permission to revoke a device enrollment from the company network. This step is optional, unless you have chosen to install your System Center Mobile Device Manager (MDM) certificate templates and MDM certificates manually. The /enabletemplates parameter automatically performs this procedure during the MDM Active Directory® configuration.

To grant certification authority permissions to revoke an enrollment

  1. In the certification authority, on the Administrative Tools menu, open the Certification Authority console.

  2. Right-click the name of your certification authority and then select Properties.

  3. On the Security tab, choose Add. In the Select User, Computer, or Group box, type SCMDM2008EnrollmentServers, choose Check Names, and then choose OK.

  4. Choose Issue and Manage Certificates and then select the Set to Allow check box. Make sure that you clear all other check boxes. This includes the Request Certificates check box. Choose Apply.

  5. On the Certificate Managers Restrictions tab, choose Restrict certificate Managers, and then in the Available certificate managers list, select SCMDM2008EnrollmentServers, which you previously added.

  6. In the Groups, users, or computers to manage list, select Everyone, and then choose Remove.

  7. Choose Add and then in the Select User, Computer, or Group box, type SCMDM2008EnrolledDevices.

  8. Choose OK two times to close the dialog box.
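
To confirm the result of step 4, the following added example (not part of the original procedure or of MDM itself) reads the CA's access control list and reports whether SCMDM2008EnrollmentServers holds only the Issue and Manage Certificates right. It assumes Windows PowerShell is available on the CA server and that the session is elevated; it does not inspect the certificate manager restrictions set in steps 5 through 7.

```powershell
# Added audit example: run in an elevated PowerShell session on the CA server.
$group = 'SCMDM2008EnrollmentServers'       # group added in step 3

# CA access-mask bits (CA_ACCESS_* values) and their names on the Security tab
$caRights = @{
    0x001 = 'Manage CA'
    0x002 = 'Issue and Manage Certificates'
    0x100 = 'Read'
    0x200 = 'Request Certificates'
}
$expected = 0x002                           # the only right step 4 should leave set

# The CA keeps its security descriptor as a binary value under its configuration key
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -Path $cfg).Active
$bytes  = (Get-ItemProperty -Path (Join-Path $cfg $caName)).Security
$sd     = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0

# Collect every Allow and Deny bit granted directly to the group
$allowed = 0
$denied  = 0
foreach ($ace in $sd.DiscretionaryAcl) {
    $sid = $ace.SecurityIdentifier
    try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $sid.Value }            # unresolved SID: keep the raw value
    if ($name -notlike "*\$group") { continue }
    if ($ace.AceQualifier -eq 'AccessAllowed') { $allowed = $allowed -bor $ace.AccessMask }
    if ($ace.AceQualifier -eq 'AccessDenied')  { $denied  = $denied  -bor $ace.AccessMask }
}

# Simplification: a Deny bit is treated as overriding the matching Allow bit
$effective = $allowed -band (-bnot $denied)
$names = $caRights.Keys | Sort-Object |
    Where-Object { $effective -band $_ } |
    ForEach-Object { $caRights[$_] }
$summary = '{0} (mask 0x{1:X})' -f ($names -join ', '), $effective

if ($allowed -eq 0) {
    "FAIL: no Allow entry for $group on CA '$caName'"
} elseif ($effective -eq $expected) {
    "PASS: $group on CA '$caName' has only: $summary"
} else {
    "FAIL: $group on CA '$caName' has: $summary"
}
```

A FAIL line that lists Request Certificates or Manage CA means the extra check boxes from step 4 were not cleared.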