We have an application that does signature signing that requires a self-signed certificate. The certificate has to be unique to the user, and we would also like to extend the default 365 days out to 20 years.
So to clarify, the steps I would take as a manual process would be to go to certmgr.msc.
Under Personal > Certificates, right-click and request a new certificate. Going through the menu, I select Active Directory enrollment and select "Users". A self-signed cert is not created under my name under Personal > Certificates.
I would prefer a PowerShell script to push this out, or if there is a GPO option, that would be fantastic. Open to VBScript as well if it can get the job done.
I have attached a Word document with screenshots as a better explanation.