In the enrollment endpoints outside the Windows Domain, add the enrollment policy as described in the following procedure.

To configure the enrollment policy in non-domain endpoints

  1. Log in to the non-domain endpoint.
  2. Run mmc.exe.
    The Microsoft Management Console appears.
  3. Select File > Add/Remove Snap-in.
    The Add/Remove Snap-ins dialog box appears.
  4. In the Available snap-ins list, select Certificates.
  5. Click Add.
    The Certificates snap-in dialog box appears.
  6. Select My user account.
  7. Click Finish to close the Certificates snap-in dialog box.
  8. Click OK to close the Add or Remove Snap-ins dialog box.
  9. In the tree view, expand Console Root > Certificates – Current User > Personal.
  10. Right-click Personal > All Tasks > Advanced Operations > Manage Enrollment Policies.
    The Manage Enrollment Policies dialog box appears.
  11. Click Add.
    The Certificate Enrollment Policy Server dialog box appears.
  12. In the Enter enrollment policy server URI field, enter the URL of the Certificate Enrollment Policy Web Service that you obtained earlier in Obtaining the URL of the Certificate Enrollment Policy Web Service.
  13. In the Authentication Type drop-down list, select Username/Password.
  14. Click Validate Server.
  15. When prompted, authenticate with your Windows user name and password.
  16. Click Add to add the URL and close the Certificate Enrollment Policy Server dialog box.
  17. Click OK.