9.11 Windows Logon Certificates utility
The Windows Logon Certificates utility provides PowerShell scripts that allow you to create strong certificate mappings in Active Directory using the X509IssuerSerialNumber mapping (as defined in KB5014754) to enable certificates issued by MyID to be used for Windows Logon after "Full Enforcement Mode" is enabled on domain controllers. The installation program provided updates the MyID database to allow you to run the scripts; you are recommended to run the PowerShell scripts as scheduled tasks on the appropriate servers.
For background on this procedure, see the following Microsoft Knowledge Base article:
-
KB5014754: Certificate-based authentication changes on Windows domain controllers.
See the readme and Windows Logon Certificates guide in the utility folder for details of running the Windows Logon Certificates utility.
Name |
Where is it? |
---|---|
Windows Logon Certificates |
\Support Tools\Windows logon certificates utility\ |