Share via


ExecuteOperations.SetProposedAdminPin Method (Guid, String)

Store a specific proposed administrator PIN for the smart card.

Namespace: Microsoft.Clm.Provision
Assembly: Microsoft.Clm.Provision (in Microsoft.Clm.Provision.dll)

Usage

'Usage
Dim smartcardUuid As Guid
Dim newPin As String

ExecuteOperations.SetProposedAdminPin(smartcardUuid, newPin)

Syntax

'Declaration
Public Shared Sub SetProposedAdminPin ( _
    smartcardUuid As Guid, _
    newPin As String _
)
public static void SetProposedAdminPin (
    Guid smartcardUuid,
    string newPin
)
public:
static void SetProposedAdminPin (
    Guid smartcardUuid, 
    String^ newPin
)
public static void SetProposedAdminPin (
    Guid smartcardUuid, 
    String newPin
)
public static function SetProposedAdminPin (
    smartcardUuid : Guid, 
    newPin : String
)

Parameters

  • smartcardUuid
    A Guid object that identifies the smart card for which to store the administrator PIN.
  • newPin
    A String object that contains the smart card’s proposed administrator PIN.

Remarks

This method stores a specific new proposed administrator PIN in the FIM CM database. This operation is only applicable to PKCS#11 administrator PIN based smart cards. This call is not valid for Base CSP based smart cards. This call requires that PIN rollover is enabled in the profile template for the smart card. Also, the new proposed administrator PIN must meet the administrator PIN requirements that are specified in the profile template.

For PKCS#11 administrator PIN based cards, FIM CM allows for a two step process of updating the smart card’s administrator PIN. First, a new administrator PIN would be set as proposed. Then, after confirmation of the action being performed on the smart card, the administrator PIN would be set as active in the FIM CM database. A given PKCS#11 smart card in FIM CM can have one active administrator PIN and one proposed administrator PIN. Callers of this method must be members of the security group that is configured in the web.config file in order to be authorized to perform this operation.

In order for a call to this method to succeed, the caller of the method must be authorized to call the methods in the Sensitive API group. The Sensitive API group includes those methods where the caller has access to sensitive data. This includes the administrator PIN, the user PIN, the Base CSP administrator authentication key, and/or the Base CSP challenge response information.

To allow for a user, or a group of users, to be authorized to call the methods in the Sensitive API group, FIM CM must be configured as follows:

  1. Open the web.config file that is associated with the FIM CM Web Virtual Directory (the default location of this file is %programfiles%\Microsoft Certificate Lifecycle Manager\web\web.config).

  2. Locate the configuration section for the Sensitive API group, which resembles the following:

  3. <add key="Clm.ProvisionApi.SensitiveApiGroup" value="" />

  4. By default, FIM CM does not authorize any users to call the methods in the Sensitive API group.

  5. Set the value to the name of a security group that contains the users who are to be authorized to call the methods in the Sensitive API group. The security group must be specified in the "domainname\groupname" format. For example:

  6. <add key="Clm.ProvisionApi.SensitiveApiGroup" value="domain\SensitiveApiUserGroup" />

  7. Save the web.config file.

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Development Platforms

Windows 2008 x64 Edition

Target Platforms

Windows XP SP3, Windows Vista SP1+, Windows 7, Windows Server 2008, Windows Server 2008 R2

See Also

Reference

ExecuteOperations Class
ExecuteOperations Members
Microsoft.Clm.Provision Namespace