Hello. I'm not an expert when it comes to certificates, getting a non-compliance warning to the BPA for AD CS. Details are;
User autoenrollment group policy is not enabled
3/16/2014 2:48:19 PM
This certification authority (CA) was installed as an enterprise CA, but Group Policy settings for user autoenrollment have not been enabled.
An enterprise CA can use autoenrollment to simplify certificate issuance and renewal. If autoenrollment is not enabled, certificate issuance and renewal may not occur as expected.
If user autoenrollment is desired, use the Group Policy Management Console to configure user autoenrollment policy settings, and use the Certificate Templates snap-in to configure autoenrollment settings on the certificate templates.
More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=122630
I have followed the instructions in the link above to enable, but if I run a new scan, the BPA warning still exists. And if I view the Default Domain Policy details, it shows it's enabled.
How can I resolve this?