Configure support for Registry cards via Group Policies

To allow Registry cards to be issued via Self Service with certificates written to the certificate storage of the computer and/or user, configure the appropriate group policy. The policy should apply to Indeed CM user workstations.

To add an Indeed CM administrative template (ADMX), proceed as follows:

1. Copy the contents of the IndeedCM.Client\Misc\ folder to the central ADMX file storage of the domain controller: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions.

Info

When using local ADMX file storage, place the Indeed CM templates in the C:\Windows\PolicyDefinitions folder.

2. Open the Group Policy Management console.
3. Create a new group policy object in the console tree or select an existing one.
4. Open the context menu and select the Edit item.
5. In the Group Policy Management Editor that opens, select Computer Configuration > Policies > Administrative Templates > Indeed CM > Client (Figure 15).


Figure 15 – Indeed CM Registry Group policies.

6. Enable the policies:

    • Enable 'Registry' card (Machine), if you need to issue certificates to the Workstation Certificates storage
    • Enable 'Registry' card (User), if you need to issue certificates to the User Certificates storage

7. Link this policy object to the group where the Indeed CM user workstations reside.
8. Click Apply and perform a policy update.

Configure Registry cards support on workstations outside the Windows domain

If the Indeed CM server and user workstations are outside the Windows domain, the ability to issue Registry cards must be specified in the registry of each workstation. To do so, create a registry file (.reg) containing the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\IndeedCM\Client]
"MachineRegistryCardEnabled"=dword:00000000
"UserRegistryCardEnabled"=dword:00000000

Set the MachineRegistryCardEnabled parameter to 1 (dword:00000001) if you need to issue certificates to the Workstation Certificates storage.
Set the UserRegistryCardEnabled parameter to 1 (dword:00000001) if you need to issue certificates to the User Certificates storage.

The following is an example of a .reg file that enables issuing Registry cards for both the computer and the user:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\IndeedCM\Client]
"MachineRegistryCardEnabled"=dword:00000001
"UserRegistryCardEnabled"=dword:00000001
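
To confirm on a workstation that the policy or .reg import took effect, and that machine-store issuance is enabled only where intended, the two values can be audited with PowerShell. This is an added example, not part of the Indeed CM documentation: the key path and value names come from the .reg file above, while the function names and the treatment of a missing value as "not enabled" are assumptions.

```powershell
# Added example: audit the Registry card policy values described on this page.
# Function names and output shape are hypothetical, not Indeed CM tooling.
function Get-IndeedCmRegistryCardPolicy {
    [CmdletBinding()]
    param([string]$Path = 'HKLM:\SOFTWARE\Policies\IndeedCM\Client')

    $names = 'MachineRegistryCardEnabled', 'UserRegistryCardEnabled'
    # A missing key is not an error: it means neither value is configured.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    foreach ($name in $names) {
        $state = 'NotConfigured'; $raw = $null; $kind = $null
        if ($key -and ($key.GetValueNames() -contains $name)) {
            $raw  = $key.GetValue($name)
            $kind = $key.GetValueKind($name)
            # The page defines both values as DWORD with 0 or 1 only.
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { $state = 'WrongType' }
            elseif ($raw -eq 1) { $state = 'Enabled' }
            elseif ($raw -eq 0) { $state = 'Disabled' }
            else { $state = 'UnexpectedValue' }
        }
        [pscustomobject]@{ Name = $name; State = $state; RawValue = $raw; Kind = $kind }
    }
}

function Test-IndeedCmRegistryCardPolicy {
    [CmdletBinding()]
    param([bool]$ExpectMachine, [bool]$ExpectUser)

    $expected = @{
        MachineRegistryCardEnabled = $ExpectMachine
        UserRegistryCardEnabled    = $ExpectUser
    }
    $ok = $true
    foreach ($p in Get-IndeedCmRegistryCardPolicy) {
        # Assumption: an absent value counts as "not enabled" for this check.
        $want = if ($expected[$p.Name]) { 'Enabled' } else { 'Disabled', 'NotConfigured' }
        if ($want -notcontains $p.State) {
            Write-Warning "$($p.Name) is $($p.State); expected $($want -join ' or ')"
            $ok = $false
        }
    }
    $ok   # $true only when both values match the intended configuration
}

# Example: a workstation that should issue to the user store only.
Test-IndeedCmRegistryCardPolicy -ExpectMachine $false -ExpectUser $true
```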