Location: Internal enrolment edit settings link in Administration > Courses > Enrolments
By default, students can enrol themselves on whatever courses they choose. They do so by clicking on the course name then answering yes to the question "You are about to enrol yourself as a member of this course. Are you sure you wish to do this?" You can restrict users from enrolling on whatever courses they choose by setting an enrolment key.
A trick to avoid the confirmation message is to make a link to the course with '&confirm=1' on the end after enrol.php e.g. http://moodle.org/course/enrol.php?id=50&confirm=1 Which will take you straight to the course page and enrol you transparently.
Role of key holder
In Moodle 1.8.3 onwards the role of keyholder may be set. This only affects the screen that students will see when they attempt to enrol on a course where an enrolment key is specified. The screen will list anybody who is assigned to the specified role (in the course context) as contacts to request the enrolment key. If this is not set (the default) or there is nobody assigned to the role in a given course the "old" behaviour is used, which is to display the name of the first person with update privilege for the course.
Enrolment key hint
In Moodle 1.9.3 onwards, the enrolment key hint (the first character of the enrolment key) may be disabled by setting enrol_manual_showhint to No.
Enforcing enrolment key complexity
In Moodle 1.9.4 onwards, enrolment key complexity may be enforced according to the site password policy by setting enrol_manual_usepasswordpolicy to Yes. (The site password policy is set in Administration > Security > Site policies.)
Enforcing enrolment key usage
In Moodle 1.9.4 onwards, the use of enrolment keys in new courses may be enforced by setting enrol_manual_requirekey to Yes. This will also result in teachers being prevented from removing enrolment keys from existing courses.