Information Technology Reference
In-Depth Information
The CA must be set to allow autoenrollment by configuring request-handling options (see
Figure 11-10). The default option is “Follow the settings in the certificate template, if applica-
ble. Otherwise, issue the certificate automatically.” This option enables the CA to autoenroll
applicable templates, so normally there's no need to change it unless you want to disallow
autoenrollment. The “Set the certificate request status to pending option” accepts certificate
requests but requires an administrator to issue the certificate manually in the Certificates MMC.
Activity 11-4 explains this procedure.
Figure 11-10
Request-handling options
The following list summarizes the steps for configuring autoenrollment after you have
installed an issuing CA:
1. Create a certificate template.
2. Set options as needed in the Issuance Requirements and Request Handling tabs of the
Properties dialog box.
3. Configure the template to allow autoenrollment by setting the Autoenroll permission for the
users or groups who should autoenroll for the certificate.
4. Configure the Certificate Services Client - Auto-Enrollment policy.
5. Make sure the CA's request-handling options are configured to allow autoenrollment.
6. Add the template to the Certificate Templates folder under the CA server node.
Activity 11-4: Configuring Certificate Autoenrollment
Time Required
: 20 minutes
Objective:
Configure autoenrollment for users to use EFS.
Description:
Configure autoenrollment by configuring group policy and certificate template
properties.
1. Log on to
ServerXX
as Administrator and open Group Policy Management (GPMC).
2. Right-click the
Group Policy Objects
folder and click
New
. Type
CertAutoGPO
in the Name
text box, and then click
OK
.
Search WWH ::
Custom Search