Guide - User and Computer Auto-Enrollment Configuration

In this guide we will configure Group Policy and the Certificate templates required for Auto-Enrollment of certificates.

This is a follow on guide to my previous post Guide - Deploying a Windows 2012 R2 Root CA and Subordinate CA

Configure the Group Policy Objects for Auto-Enrolment

Before you enable Auto enrolment ensure that the CRL is configured correctly on the issuing CA

Duplicate the existing Workstation Authentication Template and rename this, below we’ve used Workstation Authentication (Autoenroll)

Once configured click OK
Duplicate the existing User Template and rename this, below we’ve used User (Autoenroll)

Once configured click OK
Using the Certificate Authority MMC Snap-In Add the new Templates to the CA as Certificate Template to Issue

Select the Templates you created and click OK

The following Group Policy settings need to be configured to enable Auto-Enrolment (either Default Domain Policy or a new policy as required)