In this guide we will configure Group Policy and the Certificate templates required for Auto-Enrollment of certificates.
This is a follow on guide to my previous post Guide - Deploying a Windows 2012 R2 Root CA and Subordinate CA
Configure the Group Policy Objects for Auto-Enrolment
Before you enable Auto enrolment ensure that the CRL is configured correctly on the issuing CA
Duplicate the existing Workstation Authentication Template and rename this, below we’ve used Workstation Authentication (Autoenroll)
Once configured click OK
Duplicate the existing User Template and rename this, below we’ve used User (Autoenroll)
Once configured click OK
Using the Certificate Authority MMC Snap-In Add the new Templates to the CA as Certificate Template to Issue
Select the Templates you created and click OK
The following Group Policy settings need to be configured to enable Auto-Enrolment (either Default Domain Policy or a new policy as required)
Comments
Post a Comment