| Platform SDK: Smart Card Enrollment Control |
The Smart Card Enrollment Control is intended to be used by an administrator to enroll on behalf of smart card users. The enrollment process results in a certificate being issued on the user's smart card.
The Smart Card Enrollment Control is contained in scrdenrl.dll and consists of one object, SCrdEnr. No other objects are included in scrdenrl.dll. This Smart Card Enrollment object can be used with a script language, such as Microsoft® Visual Basic® Scripting Edition (VBScript).
A smart card reader must be installed on the machine running the Smart Card Enrollment Control.
Additionally, the smart card issuer must have obtained a signing certificate based on the "EnrollmentAgent" certificate template. This signing certificate will be used to sign the certificate request generated on behalf of the smart card recipient. By default, domain administrators are granted permission to request a certificate based on the "Enrollment Agent" template. Another user can be granted permission to enroll for an "EnrollmentAgent" certificate (by means of the Active Directory Sites and Services MMC snap-in); doing so, however, allows this user to self-issue a smart card with domain administrator privileges.