PolicyServerUrlFlags enumeration

The PolicyServerUrlFlags enumeration contains certificate enrollment policy (CEP) server flags. It is used by the Initialize method on the ICertPropertyEnrollmentPolicyServer interface.

Syntax

typedef enum PolicyServerUrlFlags {
  PsfNone,
  PsfLocationGroupPolicy,
  PsfLocationRegistry,
  PsfUseClientId,
  PsfAutoEnrollmentEnabled,
  PsfAllowUnTrustedCA
} ;

Constants

PsfNone No flags are specified.
PsfLocationGroupPolicy Policy information is specified in group policy by an administrator.
PsfLocationRegistry Policy information is specified in the registry.
PsfUseClientId Specifies that certificate enrollments and renewals include client specific data in a ClientId attribute. Examples include the name of the cryptographic service provider, the Windows version number, the user name, the computer DNS name, and the domain controller DNS name. This flag can be set by group policy.

This flag has been included to address privacy concerns that can arise during enrollment to servers that are managed by administrators other than those who manage the forest in which the user resides. By not setting this flag, you can prevent sending personal information to non-local administrators.
PsfAutoEnrollmentEnabled Automatic certificate enrollment is enabled.
PsfAllowUnTrustedCA Specifies that the certificate of the issuing CA need not be trusted by the client to install a certificate signed by the CA.

Requirements

   
Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Header certenroll.h

See also

ICertPropertyEnrollmentPolicyServer

Initialize