Information Technology Reference
In-Depth Information
Configuring autoenrollment
If you're using AD CS, configure Group Policy to autoenroll certificates to both servers and
clients by configuring the Default Domain Policy. To enable autoenrollment, follow these steps:
1.
Open the Group Policy Management Console (gpmc.msc); in the console tree, expand
the domain you want to configure.
2.
Expand Group Policy Objects and right-click Default Domain Policy. Select Edit from
the menu.
3.
In the Group Policy Management Editor, navigate to Computer Configuration/Policies/
Windows Settings/Security Settings/Public Key Policies.
4.
In the Object Type pane, double-click Certificate Services Client - Auto-Enrollment.
5.
On the Enrollment Policy Configuration tab shown in Figure 4-25, select Enabled from
the Configuration Model list.
FIGURE 4-25
The Certificate Services Client - Auto-Enrollment Properties dialog box
6.
Select the Renew Expired Certificates, Update Pending Certificates, And Remove
Revoked Certificates check box, and then select Update Certificates That Use
Certificate Templates.
7.
Click OK, and then exit out of the Group Policy Management Editor and the Group
Policy Management Console.
