GPO for PKI/CA

quickslvr
quickslvr used Ask the Experts™
on
meantime, i created a PKI that works.

now i would like to add some GPO to automate certain tasks. i already have created a GPO for autoenrollment.

are there any other GPO that make sense?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Senior Active Directory Engineer
Top Expert 2012
Commented:
No, just only auto enrollment. This is enough but you need to allow on your certificates to be auto enrolled to domain users. For that you need to duplicate default CA certificates (to v2 or v3 version) in CA Templates console.

Regards,
Krzysztof
For computers that auto enrollment is straightforward. As for the user template, don't forget to configure the security to allow Domain Users to Allow Read, Enroll, and Autoenroll.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial