{"id":598,"date":"2023-02-17T00:07:04","date_gmt":"2023-02-16T18:37:04","guid":{"rendered":"https:\/\/community.windowstechno.com\/community\/question\/user-certificate-enrollment-with-enrollment-agent-in-computer-context\/"},"modified":"2023-02-17T00:07:04","modified_gmt":"2023-02-16T18:37:04","slug":"user-certificate-enrollment-with-enrollment-agent-in-computer-context","status":"publish","type":"question","link":"https:\/\/community.windowstechno.com\/community\/question\/user-certificate-enrollment-with-enrollment-agent-in-computer-context\/","title":{"rendered":"User certificate enrollment with enrollment agent in computer context"},"content":{"rendered":"<p>Hi there,<\/p>\n<div class=\"_1WODZhR-x-fbMu3MOL9cH1\">Problem:<\/div>\n<p>I want to only allow users on certain machines, our laptops, to enroll for a certificate. I thought it might work with an enrollment agent, which is auto enrolled on those computers in a specified security group and then allow users having this key to enroll for the certificate. I modified templates &#8220;User Signature Only&#8221; for the user certificate and &#8220;Enrollment Agent (Computer)&#8221; for the machine enrollment agents.<\/p>\n<div class=\"_1WODZhR-x-fbMu3MOL9cH1\">Use case:<\/div>\n<p>Only users with secured and allowed laptops should be able to use our VPN. This cannot be achieved using groups on the VPN authentication side, because users change workstation often from mobile to desktop. 
So users should be auto enrolled for a VPN certificate if they are on an approved laptop.<\/p>\n<p>Now I tried to implement this in a test environment, but it seems it&#8217;s not possible for a user to get a certificate if the enrollment agent certificate is in the computer context. Is there a way to check for the computer group when enrolling the user certificate, so I wouldn&#8217;t need an enrollment agent &#8211; or is it possible to limit a user enrollment agent to a security group of computers, so the user is able to access this certificate?<\/p>\n<p>Thanks for any help<\/p>\n","protected":false},"author":0,"comment_status":"open","ping_status":"closed","template":"","question-category":[28],"question_tags":[],"class_list":["post-598","question","type-question","status-publish","hentry","question-category-others"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>User certificate enrollment with enrollment agent in computer context - WindowsTechno Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/community.windowstechno.com\/community\/question\/user-certificate-enrollment-with-enrollment-agent-in-computer-context\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"User certificate enrollment with enrollment agent in computer context - WindowsTechno Community\" \/>\n<meta property=\"og:description\" content=\"Hi there, Problem: I want to only allow users on certain machines, our laptops, to enroll for a certificate. I thought it might work with an enrollment agent, which is auto enrolled on those computers in a specified security group and then allow users having this key to enroll for the certificate. 
I modified templates [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/community.windowstechno.com\/community\/question\/user-certificate-enrollment-with-enrollment-agent-in-computer-context\/\" \/>\n<meta property=\"og:site_name\" content=\"WindowsTechno Community\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/community.windowstechno.com\/community\/question\/user-certificate-enrollment-with-enrollment-agent-in-computer-context\/\",\"url\":\"https:\/\/community.windowstechno.com\/community\/question\/user-certificate-enrollment-with-enrollment-agent-in-computer-context\/\",\"name\":\"User certificate enrollment with enrollment agent in computer context - WindowsTechno Community\",\"isPartOf\":{\"@id\":\"https:\/\/community.windowstechno.com\/community\/#website\"},\"datePublished\":\"2023-02-16T18:37:04+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/community.windowstechno.com\/community\/question\/user-certificate-enrollment-with-enrollment-agent-in-computer-context\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/community.windowstechno.com\/community\/question\/user-certificate-enrollment-with-enrollment-agent-in-computer-context\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/community.windowstechno.com\/community\/question\/user-certificate-enrollment-with-enrollment-agent-in-computer-context\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/community.windowstechno.com\/community\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Questions\",\"item\":\"https:\/\/community.windowstechno.com\/community\/questio
ns\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"User certificate enrollment with enrollment agent in computer context\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/community.windowstechno.com\/community\/#website\",\"url\":\"https:\/\/community.windowstechno.com\/community\/\",\"name\":\"WindowsTechno Community\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/community.windowstechno.com\/community\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/community.windowstechno.com\/community\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/community.windowstechno.com\/community\/#organization\",\"name\":\"WindowsTechno Community\",\"url\":\"https:\/\/community.windowstechno.com\/community\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/community.windowstechno.com\/community\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/community.windowstechno.com\/community\/wp-content\/uploads\/2023\/02\/WindowsTechnoLogo.jpg\",\"contentUrl\":\"https:\/\/community.windowstechno.com\/community\/wp-content\/uploads\/2023\/02\/WindowsTechnoLogo.jpg\",\"width\":335,\"height\":101,\"caption\":\"WindowsTechno Community\"},\"image\":{\"@id\":\"https:\/\/community.windowstechno.com\/community\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/community.windowstechno.com\/community\/wp-json\/wp\/v2\/question\/598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.windowstechno.com\/community\/wp-json\/wp\/v2\/question"}],"about":[{"href":"https:\/\/community.windowstechno.com\/community\/wp-json\/wp\/v2\/types\/question"}],"replies":[{"embeddable":true,"href":"https:\/\/community.windowstechno.com\/community\/wp-json\/wp\/v2\/comments?post=598"}],"wp:attachment":[{"href":"https:\/\/community.windowstechno.com\/community\/wp-json\/wp\/v2\/media?parent=598"}],"wp:term":[{"taxonomy":"question-category","embeddable":true,"href":"https:\/\/community.windowstechno.com\/community\/wp-json\/wp\/v2\/question-category?post=598"},{"taxonomy":"question_tags","embeddable":true,"href":"https:\/\/community.windowstechno.com\/community\/wp-json\/wp\/v2\/question_tags?post=598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}