The following procedures will provide the domain certification authority permission to revoke a device enrollment from the company network. This step is optional, unless you have chosen to install your System Center Mobile Device Manager (MDM) certificate templates and MDM certificates manually. The /enabletemplates parameter automatically performs this procedure during the MDM Active Directory® configuration.
To grant certification authority permissions to revoke an enrollment
- In the certification authority, on the Administrative Tools menu, open the Certification Authority console.
- Right-click the name of your certification authority and then select Properties.
- On the Security tab, choose Add. In the Select User, Computer, or Group box, type SCMDM2008EnrollmentServers, choose Check Names, and then choose OK.
- Choose Issue and Manage Certificate and then select the Set to Allow check box. Make sure that you clear all other check boxes. This includes the Request Certificates check box. Choose Apply.
- On the Certificate Managers Restrictions tab, choose Restrict certificate Managers, and then in the Available certificate managers list, select SCMDM2008EnrollmentServers, which you previously added.
- In the Groups, users, or computers to manage list, select Everyone, and then choose Remove.
- Choose Add and then in the Select User, Computer, or Group box, type SCMDM2008EnrolledDevices.
- Choose OK two times to close the dialog box.
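
To confirm the result of the Security tab steps, the following added example (not part of the original procedure or of MDM) reads the CA's security descriptor and reports which rights SCMDM2008EnrollmentServers holds. It assumes an elevated PowerShell session on the certification authority and that the descriptor is read from the CA's `Security` registry value; it does not check the Certificate Managers Restrictions tab.

```powershell
# Added example: audit the CA ACL entry for the MDM enrollment servers group.
$group = 'SCMDM2008EnrollmentServers'   # group name from the procedure above

# CA access-mask bits as defined in the Windows SDK header certsrv.h
$rights = @{
    'Manage CA'                     = 0x001
    'Issue and Manage Certificates' = 0x002
    'Auditor'                       = 0x004
    'Operator'                      = 0x008
    'Read'                          = 0x100
    'Request Certificates'          = 0x200
}

# The CA service keeps its security descriptor in the "Security" registry value
# under the key named after the active CA.
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -Path $cfg).Active
$bytes  = (Get-ItemProperty -Path (Join-Path $cfg $caName)).Security
$sd     = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0

$found = $false
foreach ($ace in $sd.DiscretionaryAcl) {
    # Resolve the SID to DOMAIN\name; fall back to the raw SID if it cannot be resolved.
    try   { $name = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $ace.SecurityIdentifier.Value }
    if (($name -split '\\')[-1] -ne $group) { continue }

    $found = $true
    $held  = @($rights.Keys | Where-Object { $ace.AccessMask -band $rights[$_] })
    $extra = @($held | Where-Object { $_ -ne 'Issue and Manage Certificates' })

    # Expected per the procedure: an Allow entry carrying only Issue and Manage Certificates.
    $ok = ($ace.AceQualifier -eq 'AccessAllowed') -and
          ($held -contains 'Issue and Manage Certificates') -and
          ($extra.Count -eq 0)

    '{0}: {1} [{2}] -> {3}' -f $name, $ace.AceQualifier, ($held -join ', '),
        $(if ($ok) { 'matches the procedure' } else { 'REVIEW: unexpected rights' })
}
if (-not $found) { "No ACE for $group found on CA '$caName'" }
```

A REVIEW result that lists Request Certificates or Manage CA means the group holds more than the revocation-related right the procedure grants.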