How to write an NDES policy module


Hi there!

This is Tochi Ezebube with the Active Directory Certificate Services (ADCS) engineering team; I wanted to share some further details on how to write a custom policy module for the ADCS Network Device Enrollment Service (NDES) in Windows Server 2012 R2 and onwards.

Here it is: how-to-write-an-ndes-policy-module.

And here's some general info on policy modules in NDES.

Let me know if you have any questions!

Tochi

Comments (1)

  1. MM says:

    Dear Tochi

    Your whitepaper was really a big help and at last I managed to create a dll based on the interface file certpol.idl that could be registered on the NDES-Server.
    But when I registered the ProgId the NDES-Service crashed with the following error messages:
    W12SCEP ID=2 Error The NetworkDeviceEnrollmentService can't be started (0x80040154). Class not registered.
    W12SCEP ID=53 Error The policy module "NetworkDeviceEnrollmentService" couldn't be started (0x80040154). Class not registered.
    Is there a possibility to verify the content of the dll or to check wether the installation is ok?

    Thanks for some advice.

Skip to main content