Smart Card Auto-Enrollment Policies


Hi, I am setting up smart card auto-enrollment and am seeing that AEPolicy in the HKCU location is not being set to 7 (as per the TechNet troubleshooting article https://blogs.technet.microsoft.com/xdot509/2012/10/18/troubleshooting-autoenrollment/).

For the certificate template I have enabled auto-enrollment, a valid certificate is present, and I have set the auto-enroll security privilege for users. I am able to manually renew the cert if I open certmgr.msc.

I am getting the following entries in the registry (all 2012R2 servers, domain functional level, Windows 8.1 clients):

Autoenrollment policy for the machine is configured at HKLM\Software\Policies\Microsoft\Cryptography\AutoEnrollment\AEPolicy = 7 (0x00000007)

Autoenrollment policy for the user is configured at HKCU\Software\Policies\Microsoft\Cryptography\AutoEnrollment\AEPolicy = 39 (0x00000027)

For group policies I have the following configured:

[Screenshot: computer GP settings]

[Screenshot: user group policy settings]

Is the user AEPolicy setting of 39 going to be OK? If not, why is the setting 39? How can I make it 7?


I wonder if it has to do with 2012R2 settings. In GP, the Certificate Services Client - Auto-Enrollment properties options are different from the options I see online.

What I see online:

[Screenshot: other GP settings]

What I see in the 2012R2 server:

[Screenshot: my 2012R2 GP settings]

The last checkbox has a value of 32, which, when combined with the value of 7, gives 39. For a pure value of 7, undo the last checkbox "Display user notifications....". It should work as is.

Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com
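
Added example, not part of the thread or of the reply above: a PowerShell check that reads AEPolicy from both registry locations named in the question and splits each value into the base bits (7) and the notification checkbox bit (32) described in the answer. The function name `Convert-AEPolicy` and the variables `$BaseMask` and `$NotifyBit` are hypothetical names chosen for this example; the sample values 7 and 39 are the ones quoted in the question.

```powershell
# Added example. The values 7 and 32 come from the thread above.
$BaseMask  = 7    # value the troubleshooting article expects
$NotifyBit = 32   # "Display user notifications...." checkbox, per the answer

function Convert-AEPolicy {
    param(
        [Parameter(Mandatory)][int]$Value,
        [string]$Source = 'sample'
    )
    [pscustomobject]@{
        Source        = $Source
        AEPolicy      = '{0} (0x{0:X8})' -f $Value
        BaseBits      = $Value -band $BaseMask
        BaseComplete  = ($Value -band $BaseMask) -eq $BaseMask
        Notifications = [bool]($Value -band $NotifyBit)
        # Anything outside 7 and 32 is not explained by the thread
        OtherBits     = $Value -band (-bnot ($BaseMask -bor $NotifyBit))
    }
}

$key = 'Software\Policies\Microsoft\Cryptography\AutoEnrollment'

# Live values from the machine (HKLM) and current user (HKCU) policy keys
$results = @(foreach ($hive in 'HKLM', 'HKCU') {
    $prop = Get-ItemProperty -Path "${hive}:\$key" -Name AEPolicy -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        Convert-AEPolicy -Value $prop.AEPolicy -Source $hive
    } else {
        Write-Warning "$hive has no AEPolicy value; the policy may not have applied."
    }
})

# The two values quoted in the question, decoded for comparison
$results += Convert-AEPolicy -Value 7  -Source 'question: HKLM'
$results += Convert-AEPolicy -Value 39 -Source 'question: HKCU'

$results | Format-Table -AutoSize
```

For 39 the output shows BaseBits 7, BaseComplete True, Notifications True and OtherBits 0, meaning the user policy carries the same base setting as the machine policy plus the notification checkbox.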


