Hi Guys,
I am implementing EAP-TLS NPS solution for WiFi network, and I have a requirement for non exportable user certificates to be issued for a user group. Is there a way to autoenroll users with a user certificate, and if it is compromised at some point, they would not be able to request another one, and only domain admin would be able to enroll them again? I am not an expert, i managed to create a non exportable user certificate template, and configure autoenrollment but i want it to be more secure lets say in a case when a laptop would be stolen while user is logged on, i need to revoke cert and i dont want user to be able to enroll again.
I hope you understand my question,
Please help
Cheers
VK