Configuring Registry cards support via Group Policies

To allow Registry cards to be issued via Self-Service, with certificates written to the certificate storage of the computer and/or the user, configure the appropriate group policy. The policy should apply to Axidian CertiFlow user workstations.

To add an Axidian CertiFlow administrative template (ADMX), proceed as follows:

1. Copy the contents of the AxidianCertiFlow.Client\Misc\PolicyDefinitions folder to the central ADMX file storage on the domain controller: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions.

When using local ADMX file storage, place the Axidian CertiFlow templates in the C:\Windows\PolicyDefinitions folder.

2. Open the Group Policy Management console.
3. Create a new group policy object in the console tree or select an existing one.
4. Open the context menu and select the Edit item.
5. In the Group Policy Management Editor that opens, select Computer Configuration > Policies > Administrative Templates > Axidian CertiFlow > Client.


6. Enable the policies you need:

    • Enable 'Registry' card (Machine) if you need to issue certificates to the Workstation Certificates storage
    • Enable 'Registry' card (User) if you need to issue certificates to the User Certificates storage

7. Link this policy object to the group where Axidian CertiFlow user workstations reside.
8. Click Apply and perform a policy update.

Configuring Registry cards support on workstations outside the Windows domain

If Axidian CertiFlow server and user workstations are outside the Windows domain, each workstation's registry must be configured to issue Registry cards. To do so, create a registry file (.reg) containing the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CertiFlow\Client]
"MachineRegistryCardEnabled"=dword:00000000
"UserRegistryCardEnabled"=dword:00000000

Set the MachineRegistryCardEnabled parameter to 1 (dword:00000001) if you need to issue certificates to the Workstation Certificates storage.
Set the UserRegistryCardEnabled parameter to 1 (dword:00000001) if you need to issue certificates to the User Certificates storage.

The following example shows the contents of a .reg file that allows issuing Registry cards for both the computer and the user:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CertiFlow\Client]
"MachineRegistryCardEnabled"=dword:00000001
"UserRegistryCardEnabled"=dword:00000001
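
To confirm that a workstation ended up with the intended settings after the .reg import or policy update, the values can be read back and compared with what is expected for that machine. The PowerShell below is an added example, not part of the Axidian documentation; the key path and value names come from the .reg file above, while the function name Test-CertiFlowRegistryCardPolicy and its parameters are assumptions made for this example.

```powershell
# Added example: audit the two Registry card policy values described on this page.
# Key path and value names are taken from the .reg file above; the function name
# and the -Expect* parameters are hypothetical, chosen for this example.
function Test-CertiFlowRegistryCardPolicy {
    [CmdletBinding()]
    param(
        [ValidateRange(0, 1)][int]$ExpectMachine = 0,
        [ValidateRange(0, 1)][int]$ExpectUser = 0
    )

    $keyPath  = 'HKLM:\SOFTWARE\Policies\CertiFlow\Client'
    $expected = [ordered]@{
        MachineRegistryCardEnabled = $ExpectMachine
        UserRegistryCardEnabled    = $ExpectUser
    }

    # $null when the key does not exist (no policy applied, no .reg imported).
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue

    foreach ($name in $expected.Keys) {
        $actual = $null
        $kind   = $null
        $state  = 'NotConfigured'

        if ($key -and ($key.GetValueNames() -contains $name)) {
            $actual = $key.GetValue($name)
            $kind   = $key.GetValueKind($name).ToString()

            # A value stored as a string ("1") instead of a DWORD is reported
            # separately rather than being treated as enabled or disabled.
            if ($kind -ne 'DWord')                 { $state = 'WrongType' }
            elseif ($actual -eq $expected[$name])  { $state = 'Match' }
            else                                   { $state = 'Mismatch' }
        }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $name
            Kind     = $kind
            Actual   = $actual
            Expected = $expected[$name]
            State    = $state
        }
    }
}

# Example call: this workstation should issue Machine cards only.
Test-CertiFlowRegistryCardPolicy -ExpectMachine 1 -ExpectUser 0 | Format-Table -AutoSize
```

A value that is absent is reported as NotConfigured rather than as disabled, since this page does not state what the client does in that case.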

