Solved

Install a certificate via GPO

Posted on 2016-09-07
3
44 Views
Last Modified: 2016-09-08
Currently we are manually adding certificates by this method:

1.) Open MMC.exe
2.) Add Snap In (Computer Account)
3.) Certificates
4.) Open Certificates\Trusted Root Certification Authorities\Certificates
5.) Right click on the Certificates Folder and import

We would like to push a certificate out by GPO however it is under Computer Configuration and we only have a user group (the people that need to have the certificate) so the policy would only apply to user configurations and not Computer Configurations. We can't drop the policy into the computers folder because it will apply to everyone. Is there a way to do this without coping the user's computer name into a separate folder and apply the policy?
Thanks



Server: Windows 2012R2
Computers: Windows 10 x64t
0
Comment
Question by:CityInfoSys
  • 2
3 Comments
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41788823
Aside from creating a new OU, the only other thing you can do is create a Group with the computers that need the certificate in it, then changing the security filtering of the GPO to allow only that group to read and apply the group policy. The computers would be able to stay in the same OU, but the policy would only be read by computers that need the certificate. Aside from those two options, it isn't possible to deploy a GPO based Trusted Root Certificate to a specific group of users.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 41789067
0
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41789086
Loopback policy allows User policies to apply to users that log in to computers the policy applies to. It will not assist in resolving this issue, which is where a Computer policy needs to apply to a specific set of users. There is, unfortunately, no way to accomplish this particular task without knowing the computers that those users will be logging in to, then applying the policy specifically to those computers. The only methods of accomplishing that task is to group the computers into an OU or Security Group, then either link the GPO to the OU or configure security filtering so the Security group is the only group that can apply the policy.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html) provided 218 attendees with a step-by-step guide for identifying Acti…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question