To allow subjects to request a certificate that is based on the template

1. Open Certificate Templates.
2. In the details pane, right-click the certificate template that you want to change, and then click Properties.
3. On the Security tab, add the groups, computers, or users that you want.
4. In Group or user names, click one of the new objects, and then, on Permissions for ObjectName, under the Allow column, select the Read and Enroll check boxes.
5. Repeat the previous step for each new object.

Notes

• To perform this procedure, you must be a member of the Enterprise Admins group or the root domain's Domain Admins group in Active Directory. As a security best practice, consider using Run as to perform this procedure.
• To open Certificate Templates, click Start, click Run, type certtmpl.msc, and then press Enter.
• The Autoenroll permission must also be set if the subject will be using client autoenrollment to obtain certificates. For more information on autoenrollment, see Related Topics.
• To disallow subjects from requesting a certificate based on a template, clear the Read and Enroll check boxes using the same steps as above.

Related Topics