Network Device Enrollment Service
E724317
Network Device Enrollment Service is a Windows Server role service that enables network devices to obtain digital certificates automatically from Active Directory Certificate Services using the Simple Certificate Enrollment Protocol (SCEP).
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
Windows Server role service
ⓘ
certificate enrollment service ⓘ |
| abbreviation |
NDES
NERFINISHED
ⓘ
SCEP NERFINISHED ⓘ |
| availableIn |
Windows Server 2008
NERFINISHED
ⓘ
Windows Server 2008 R2 NERFINISHED ⓘ Windows Server 2012 NERFINISHED ⓘ Windows Server 2012 R2 NERFINISHED ⓘ Windows Server 2016 NERFINISHED ⓘ Windows Server 2019 NERFINISHED ⓘ Windows Server 2022 NERFINISHED ⓘ |
| category | public key infrastructure component ⓘ |
| componentOf | Active Directory Certificate Services NERFINISHED ⓘ |
| configuredFor | one or more SCEP certificate templates ⓘ |
| configuredVia |
IIS Manager
NERFINISHED
ⓘ
NDES configuration wizard ⓘ registry settings ⓘ |
| configuredWith | certificate templates for network devices ⓘ |
| dependsOn | HTTP-based communication ⓘ |
| enables | PKI integration for network infrastructure devices ⓘ |
| exposes | SCEP enrollment URL ⓘ |
| fullName | Network Device Enrollment Service NERFINISHED ⓘ |
| integratesWith |
Active Directory
NERFINISHED
ⓘ
enterprise Certification Authority NERFINISHED ⓘ |
| introducedIn | Windows Server 2008 NERFINISHED ⓘ |
| issues | X.509 certificates NERFINISHED ⓘ |
| purpose | to enable network devices to obtain digital certificates automatically ⓘ |
| requires |
Active Directory Certificate Services Certification Authority
NERFINISHED
ⓘ
IIS NERFINISHED ⓘ Windows Process Activation Service NERFINISHED ⓘ |
| roleServiceOf | AD CS role in Windows Server ⓘ |
| runsOn | Windows Server NERFINISHED ⓘ |
| securityConsideration |
must protect SCEP URL and shared secrets
ⓘ
should be deployed in a secure network segment ⓘ |
| supports |
VPN device certificate enrollment
ⓘ
automatic certificate enrollment for network devices ⓘ certificate renewal for devices ⓘ firewall certificate enrollment ⓘ key archival depending on CA configuration ⓘ non-domain-joined device certificate enrollment ⓘ policy-based certificate issuance via CA ⓘ router certificate enrollment ⓘ switch certificate enrollment ⓘ |
| uses |
MSCEP.dll for SCEP processing
ⓘ
enrollment agent certificates ⓘ enrollment challenge passwords ⓘ service account for NDES operations ⓘ |
| usesProtocol | Simple Certificate Enrollment Protocol NERFINISHED ⓘ |
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.