Microsoft Windows Server 2003 SP2
Auto Enrollment Proxy (AEP)
AEP allows windows clients to enroll for certificate templates that they should not be authorized to enroll for.
For example: Web Server v1 template is configured with the following security permissions:
-Authenticated Users: Read
-Domain Admins: Read / Write / Enroll
-Enterprise Admins: Full Control
The Web Server v1 template is NOT configured on any of the enrollment objects in AD.
When a user installs LogMeIn on a member of a domain that has available certificate enrollment services, the installer appears to submit a request to any active Enterprise Enrollment object for a Web Server certificate.
The Auto Enrollment Proxy accepts and processes the request, even though neither the computer nor the user performing the installation have enrollment privileges for the Web Server template.
The AEP does not check what windows clients can enroll for certificate templates. The AEP receives the request and then forwards the request to the RCM CA.
Related Articles
Silent Collection Number of Views Announcing the May Release of SecurID Number of Views Enable Enrollment by Selecting Identity Sources Number of Views Cloud Administration Void Enrollment Code API Number of Views Cloud Administration Generate Enrollment Code API Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
