Solved

Install a certificate via GPO

Posted on 2016-09-07
Last Modified: 2016-09-08
Currently we are manually adding certificates by this method:

1.) Open MMC.exe
2.) Add Snap In (Computer Account)
3.) Certificates
4.) Open Certificates\Trusted Root Certification Authorities\Certificates
5.) Right click on the Certificates Folder and import

We would like to push a certificate out by GPO; however, it is under Computer Configuration and we only have a user group (the people that need to have the certificate), so the policy would only apply to user configurations and not Computer Configurations. We can't drop the policy into the computers folder because it will apply to everyone. Is there a way to do this without copying the user's computer name into a separate folder and applying the policy?
Thanks



Server: Windows 2012R2
Computers: Windows 10 x64t
Question by:CityInfoSys
Expert Comment

by:Adam Brown
ID: 41788823
Aside from creating a new OU, the only other thing you can do is create a Group with the computers that need the certificate in it, then change the security filtering of the GPO to allow only that group to read and apply the group policy. The computers would be able to stay in the same OU, but the policy would only be read by computers that need the certificate. Aside from those two options, it isn't possible to deploy a GPO-based Trusted Root Certificate to a specific group of users.
Expert Comment

by:Sushil Sonawane
ID: 41789067
Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41789086
Loopback policy allows User policies to apply to users that log in to computers the policy applies to. It will not assist in resolving this issue, which is where a Computer policy needs to apply to a specific set of users. There is, unfortunately, no way to accomplish this particular task without knowing the computers that those users will be logging in to, then applying the policy specifically to those computers. The only methods of accomplishing that task are to group the computers into an OU or Security Group, then either link the GPO to the OU or configure security filtering so the Security Group is the only group that can apply the policy.
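
The security-filtering option described in the answers above, sketched in PowerShell as an added example that is not part of the original thread. It assumes the ActiveDirectory and GroupPolicy RSAT modules are installed and that a GPO already exists with the certificate imported under Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities; the GPO name, group name, OU paths, computer names and thumbprint are hypothetical placeholders.

```powershell
# Added example: every name below is a hypothetical placeholder, not a value from the thread.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$GpoName    = 'Deploy Internal Root CA'            # existing GPO that holds the certificate (assumed)
$GroupName  = 'GG-RootCA-Computers'                # computer security group to create (assumed)
$GroupPath  = 'OU=Groups,DC=example,DC=com'        # where the group is created (assumed)
$LinkOU     = 'OU=Workstations,DC=example,DC=com'  # OU the computers already sit in (assumed)
$Computers  = 'PC-0101', 'PC-0102'                 # machines the certificate users log on to (assumed)
$Thumbprint = '<THUMBPRINT-OF-YOUR-ROOT-CERT>'     # placeholder, take it from the certificate itself

# 1. Create the security group and add the computer accounts (not the users) to it.
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $GroupPath
$members = $Computers | ForEach-Object { Get-ADComputer -Identity $_ }
Add-ADGroupMember -Identity $GroupName -Members $members

# 2. Security filtering: Authenticated Users keeps Read but loses Apply,
#    and only the new computer group is granted Read + Apply.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace
Set-GPPermission -Name $GpoName -TargetName $GroupName -TargetType Group `
    -PermissionLevel GpoApply

# 3. Link the GPO to the OU; computers outside the group stay in the OU
#    but will not apply the policy.
New-GPLink -Name $GpoName -Target $LinkOU -LinkEnabled Yes

# 4. Review the resulting ACL before relying on it. Anyone with edit rights on
#    this GPO can add a trusted root to every machine in the group.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{ Name = 'Trustee'; Expression = { $_.Trustee.Name } }, Permission

# 5. On a target computer, after a reboot (so the computer picks up its new
#    group membership) and a policy refresh, confirm the certificate arrived.
#    Run this part locally on the client:
# gpupdate /force
# Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $Thumbprint
```

Step 4 also serves as a recurring audit: unexpected trustees with edit permission on a GPO that distributes trusted roots deserve investigation.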