Solved

Install a certificate via GPO

Posted on 2016-09-07
Last Modified: 2016-09-08
Currently we are manually adding certificates by this method:

1.) Open MMC.exe
2.) Add Snap In (Computer Account)
3.) Certificates
4.) Open Certificates\Trusted Root Certification Authorities\Certificates
5.) Right click on the Certificates Folder and import

We would like to push a certificate out by GPO; however, it is under Computer Configuration and we only have a user group (the people that need to have the certificate), so the policy would only apply to user configurations and not Computer Configurations. We can't drop the policy into the computers folder because it will apply to everyone. Is there a way to do this without copying the user's computer name into a separate folder and applying the policy?
Thanks



Server: Windows 2012R2
Computers: Windows 10 x64
Question by:CityInfoSys

Expert Comment

by:Adam Brown
ID: 41788823
Aside from creating a new OU, the only other thing you can do is create a Group with the computers that need the certificate in it, then change the security filtering of the GPO to allow only that group to read and apply the group policy. The computers would be able to stay in the same OU, but the policy would only be read by computers that need the certificate. Aside from those two options, it isn't possible to deploy a GPO-based Trusted Root Certificate to a specific group of users.


Expert Comment

by:Sushil Sonawane
ID: 41789067

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41789086
Loopback policy allows User policies to apply to users that log in to computers the policy applies to. It will not assist in resolving this issue, which is where a Computer policy needs to apply to a specific set of users. There is, unfortunately, no way to accomplish this particular task without knowing the computers that those users will be logging in to, then applying the policy specifically to those computers. The only methods of accomplishing that task are to group the computers into an OU or Security Group, then either link the GPO to the OU or configure security filtering so the Security group is the only group that can apply the policy.

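The security-group option from the accepted answer, scripted with the ActiveDirectory and GroupPolicy modules. This is an added example, not code from any poster in the thread; the GPO name, group name, OU path, domain and computer names are placeholders, and it assumes the GPO already carries the certificate under Computer Configuration and is linked to the OU that holds the computers.

```powershell
# Added example. Every name below is a placeholder (assumption), not from the thread.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$GpoName   = 'Deploy Internal Root CA'       # existing GPO with the cert in Trusted Root Certification Authorities
$GroupName = 'GG-RootCA-Computers'           # computers that should trust the certificate
$GroupOu   = 'OU=Groups,DC=example,DC=com'   # where the group object is created
$Computers = 'PC-0101', 'PC-0102'            # constructed sample: machines the target users log on to

# 1. Create the computer group if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $GroupOu
}

# 2. Add only the computer accounts that are not already members.
$existing = Get-ADGroupMember -Identity $GroupName | Select-Object -ExpandProperty SamAccountName
$toAdd = $Computers |
    ForEach-Object { Get-ADComputer -Identity $_ } |
    Where-Object { $existing -notcontains $_.SamAccountName }
if ($toAdd) { Add-ADGroupMember -Identity $GroupName -Members $toAdd }

# 3. Security filtering: the group gets Read + Apply; Authenticated Users is
#    lowered to Read only, so machines outside the group no longer apply the GPO.
#    -Replace is required to lower a permission that is already higher.
Set-GPPermission -Name $GpoName -TargetName $GroupName -TargetType Group `
    -PermissionLevel GpoApply
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace

# 4. Review who can apply the GPO. Only the computer group should be listed.
Get-GPPermission -Name $GpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' } |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission

# 5. On a member computer, after a restart (group membership is read at boot):
#      gpupdate /force
#      gpresult /r /scope computer
#      Get-ChildItem Cert:\LocalMachine\Root | Select-Object Subject, Thumbprint
```

Because a trusted root applies to every user of the machine, reviewing the output of step 4 after each change keeps the set of computers that trust the certificate limited to the intended group.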