How to write an NDES policy module

Hi there!

This is Tochi Ezebube with the Active Directory Certificate Services (ADCS) engineering team; I wanted to share some further details on how to write a custom policy module for the ADCS Network Device Enrollment Service (NDES) in Windows Server 2012 R2 and onwards.

Here it is: how-to-write-an-ndes-policy-module.

And here's some general info on policy modules in NDES.

Let me know if you have any questions!

Tochi

Comments

• Anonymous
  February 07, 2017
  Dear TochiYour whitepaper was really a big help and at last I managed to create a dll based on the interface file certpol.idl that could be registered on the NDES-Server.But when I registered the ProgId the NDES-Service crashed with the following error messages:W12SCEP ID=2 Error The NetworkDeviceEnrollmentService can't be started (0x80040154). Class not registered.W12SCEP ID=53 Error The policy module "NetworkDeviceEnrollmentService" couldn't be started (0x80040154). Class not registered.Is there a possibility to verify the content of the dll or to check wether the installation is ok?Thanks for some advice.