Microsoft Windows Server 2003 SP2
Auto Enrollment Proxy (AEP)
AEP allows windows clients to enroll for certificate templates that they should not be authorized to enroll for.
For example: Web Server v1 template is configured with the following security permissions:
-Authenticated Users: Read
-Domain Admins: Read / Write / Enroll
-Enterprise Admins: Full Control
The Web Server v1 template is NOT configured on any of the enrollment objects in AD.
When a user installs LogMeIn on a member of a domain that has available certificate enrollment services, the installer appears to submit a request to any active Enterprise Enrollment object for a Web Server certificate.
The Auto Enrollment Proxy accepts and processes the request, even though neither the computer nor the user performing the installation have enrollment privileges for the Web Server template.
The AEP does not check what windows clients can enroll for certificate templates. The AEP receives the request and then forwards the request to the RCM CA.
Related Articles
Announcing the May Release of SecurID Number of Views Silent Collection Number of Views Enable Enrollment by Selecting Identity Sources Number of Views Cloud Administration Void Enrollment Code API Number of Views Cloud Administration Retrieve License Usage API Version 1 Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
