Saturday, December 24, 2016

Configure Windows server to not enforce password for certificate enrollment

Please refer below link:

http://www.petenetlive.com/KB/Article/0000947

NDES Disable Password Requirement.

I've read a few blogs and articles that say;
"There is no way for Cisco devices to supply the required password to enroll with NDES/MSCEP, so you need to disable the requirement for a password."
This is NOT TRUE, however the whole point of issuing certificates via your PKI infrastructure, is that it can scale dramatically. If you are creating passwords and embedding those passwords in all your enrollments, it can get a little unwieldy. So it may be sensible to remove the password requirement.
1. Windows Key+R > regedit {Enter} > Navigate to;
HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Cryptography > MSCEP > EnforcePassword > EnforcePassword
To disable change the value to 0 (zero).
Disable NDES Password Enforce
Below you can see the difference, with the password requirement enforced, and without.
Get NDES password
2. Restart the Certificate Services Service;
net stop certsvc net start certsvc
Restart Certificate Services

No comments:

Post a Comment