deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-28 00:33:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #7263 from JASTOKER/patch-7

Browse Source 
Adding cloud kerberos trust
This commit is contained in:
Angela Fleischmann
2022-10-19 15:15:16 -06:00
committed by GitHub
parent 22e4367c9d 2e6ca9736f
commit 5242be0aac
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
View File

@ -15,13 +15,14 @@ appliesto:
-<b>Windows 11</b> -<b>Windows 11</b>
-<b>Hybrid deployment</b> -<b>Hybrid deployment</b>
-<b>Key trust</b> -<b>Key trust</b>
-<b>Cloud Kerberos trust</b>
--- ---
# Deploying Certificates to Key Trust Users to Enable RDP # Deploy Certificates to Key Trust and Cloud Kerberos Trust Users to Enable RDP
Windows Hello for Business supports using a certificate as the supplied credential when establishing a remote desktop connection to a server or other device. For certificate trust deployments, creation of this certificate occurs at container creation time. Windows Hello for Business supports using a certificate as the supplied credential when establishing a remote desktop connection to a server or other device. For certificate trust deployments, creation of this certificate occurs at container creation time.
This document discusses an approach for key trust deployments where authentication certificates can be deployed to an existing key trust user. This document discusses an approach for key trust and cloud Kerberos trust deployments where authentication certificates can be deployed to an existing WHFB user.
Three approaches are documented here: Three approaches are documented here:
@ -77,7 +78,7 @@ Three approaches are documented here:
1. Tick **Microsoft Software Key Storage Provider** 1. Tick **Microsoft Software Key Storage Provider**
1. Set the Request hash to **SHA256** 1. Set the Request hash to **SHA256**
1. On the **Security** tab, add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated** users group, and then select Enroll permissions for them . 1. On the **Security** tab, add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated** users group, and then select Enroll permissions for them.
1. Click **OK** to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates. 1. Click **OK** to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates.
@ -87,7 +88,7 @@ Three approaches are documented here:
1. Execute the following command: 1. Execute the following command:
certutil -dstemplate \<TemplateName\> \> \<TemplateName\>.txt `certutil -dstemplate \<TemplateName\> \> \<TemplateName\>.txt`
Replace \<TemplateName\> with the Template name you took note of earlier in step 7. Replace \<TemplateName\> with the Template name you took note of earlier in step 7.