Set permissions
The next step in Autoenrollment Server setup is to configure permissions for the AutoEnrollmentDCOMSrv service. Follow these steps:
Note
Changes described in this section must be re-applied when the Autoenrollment Server is updated or reinstalled.
Open Administrative Tools > Component Services. In the left pane, expand Component Services, Computers, and then My Computer, then select the DCOM Config folder.
In the right pane, right-click on AutoEnrollmentDCOMSrv and select Properties.
Select the Security tab. Under Launch and Activation Permissions, select the Customize option and then select Edit.
If not on the existing list, add the user and computer groups you want to be able to enroll certificates. For each group, check Allow for Local Activation and Remote Activation, and clear Allow for Local Launch and Remote Launch.
Select OK to close the dialog and apply changes.
Under Access Permissions, select the Customize option and then select Edit.
If not on the existing list, add the user and computer groups you want to be able to enroll certificates. For each group, check Allow for Local Access and Remote Access.
Select OK to close the dialog and apply changes.