Microsoft Windows Server 2003 SP2
Auto Enrollment Proxy (AEP)
AEP allows windows clients to enroll for certificate templates that they should not be authorized to enroll for.
For example: Web Server v1 template is configured with the following security permissions:
-Authenticated Users: Read
-Domain Admins: Read / Write / Enroll
-Enterprise Admins: Full Control
The Web Server v1 template is NOT configured on any of the enrollment objects in AD.
When a user installs LogMeIn on a member of a domain that has available certificate enrollment services, the installer appears to submit a request to any active Enterprise Enrollment object for a Web Server certificate.
The Auto Enrollment Proxy accepts and processes the request, even though neither the computer nor the user performing the installation have enrollment privileges for the Web Server template.
The AEP does not check what windows clients can enroll for certificate templates. The AEP receives the request and then forwards the request to the RCM CA.
Related Articles
Silent Collection Number of Views Announcing the May Release of SecurID Number of Views Enable Enrollment by Selecting Identity Sources Number of Views Cloud Administration Void Enrollment Code API Number of Views Cloud Administration Create Local User API Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
