Home » Microsoft » 70-647 » What should you include in your plan?
Your network contains servers that run Windows Server 2008 R2 and client computers that run Windows 7.
You deploy a public key infrastructure by using Certificate Services servers that run Windows Server 2008 R2.
You need to plan the implementation of smart card authentication on the network. The solution must meet the following requirements:
- Help desk users must only be able to enroll user certificates.
- Managers must be able to enroll smartcards for other employees.
- Managers must be able to use their client computers to manage certificates.
What should you include in your plan?
A. Enable Web enrollment.
B. Configure Restricted Enrollment Agents.
C. Upgrade all certificates to V3 templates.
D. Configure Restricted Certificate Managers.
Correct Answer: B
Explanation/Reference:
Explanation:
To ensure that the managers must be able to use their client computers to manage certificates and must be able to enroll smartcards for other employees, you need to use restricted Enrollment Agents
The restricted enrollment agent allows limiting the permissions that users designated as enrollment agents have for enrolling smart card certificates on behalf of other users Enrollment agents are one or more authorized individuals within an organization. The enrollment agent needs to be issued an enrollment agent certificate, which enables the agent to enroll for smart card certificates on behalf of users.
Reference: AD CS: Restricted Enrollment Agent
http://technet2.microsoft.com/windowsserver2008/en/library/56d66319-2e49-447b-92a3- 1ca2a674fb8d1033.mspx?mfr=true