deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 13:53:39 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo
2022-11-15 15:29:32 -05:00
parent a91e5025f6
commit 4801714795
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
View File

@ -46,10 +46,10 @@ Expand the following sections to learn more about the process.
Follow these steps to create a certificate template: Follow these steps to create a certificate template:
1. Sign in to your issuing certificate authority (CA) 1. Sign in to your issuing certificate authority (CA) and open *Server Manager*
1. Open the **Certificate Authority** mmc snap-in console (%windir%\system32\certsrv.msc) 1. Select **Tools > Certification Authority**. The Certification Authority Microsoft Management Console (MMC) opens
1. In the left pane of the MMC, expand **Certification Authority (Local)**, and then expand your CA within the Certification Authority list 1. In the MMC, expand the CA name and right-click **Certificate Templates > Manage**
1. Right-click **Certificate Templates** and then select **Manage** to open the **Certificate Templates** console 1. The Certificate Templates console opens. All of the certificate templates are displayed in the details pane
1. Right-click the **Smartcard Logon** template and select **Duplicate Template** 1. Right-click the **Smartcard Logon** template and select **Duplicate Template**
![Duplicating Smartcard Template.](images/rdpcert/duplicatetemplate.png) ![Duplicating Smartcard Template.](images/rdpcert/duplicatetemplate.png)
@ -68,8 +68,8 @@ Follow these steps to create a certificate template:
1. Select **Fully distinguished name** from the **Subject name format** list if Fully distinguished name is not already selected 1. Select **Fully distinguished name** from the **Subject name format** list if Fully distinguished name is not already selected
1. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name** 1. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**
1. On the **Request Handling** tab: 1. On the **Request Handling** tab:
1. Select the **Renew with same key** check box
1. Set the Purpose to **Signature and smartcard logon** and select **Yes** when prompted to change the certificate purpose 1. Set the Purpose to **Signature and smartcard logon** and select **Yes** when prompted to change the certificate purpose
1. Select the **Renew with same key** check box
1. Select **Prompt the user during enrollment** 1. Select **Prompt the user during enrollment**
1. On the **Cryptography** tab: 1. On the **Cryptography** tab:
1. Set the Provider Category to **Key Storage Provider** 1. Set the Provider Category to **Key Storage Provider**
@ -83,8 +83,8 @@ Follow these steps to create a certificate template:
1. Close the Certificate Templates console 1. Close the Certificate Templates console
1. Open an elevated command prompt and change to a temporary working directory 1. Open an elevated command prompt and change to a temporary working directory
1. Execute the following command, replacing `\<TemplateName\>` with the Template name you took note of earlier in step 7c 1. Execute the following command, replacing `<TemplateName>` with the Template name you took note of earlier in step 7c
`certutil -dstemplate \<TemplateName\> \<TemplateName.txt\>` `certutil -dstemplate <TemplateName> > <TemplateName.txt>`
1. Open the text file created by the command above. 1. Open the text file created by the command above.
1. Delete the last line of the output from the file that reads `CertUtil: -dsTemplate command completed successfully.` 1. Delete the last line of the output from the file that reads `CertUtil: -dsTemplate command completed successfully.`
1. Modify the line that reads `pKIDefaultCSPs = "1,Microsoft Software Key Storage Provider"` to `pKIDefaultCSPs = "1,Microsoft Passport Key Storage Provider"` 1. Modify the line that reads `pKIDefaultCSPs = "1,Microsoft Software Key Storage Provider"` to `pKIDefaultCSPs = "1,Microsoft Passport Key Storage Provider"`