CityInfoSys
asked on
Install a certificate via GPO
Currently we are manually adding certificates by this method:
1.) Open MMC.exe
2.) Add Snap In (Computer Account)
3.) Certificates
4.) Open Certificates\Trusted Root Certification Authorities\Certificates
5.) Right click on the Certificates Folder and import
We would like to push a certificate out by GPO however it is under Computer Configuration and we only have a user group (the people that need to have the certificate) so the policy would only apply to user configurations and not Computer Configurations. We can't drop the policy into the computers folder because it will apply to everyone. Is there a way to do this without coping the user's computer name into a separate folder and apply the policy?
Thanks
Server: Windows 2012R2
Computers: Windows 10 x64t
1.) Open MMC.exe
2.) Add Snap In (Computer Account)
3.) Certificates
4.) Open Certificates\Trusted Root Certification Authorities\Certificates
5.) Right click on the Certificates Folder and import
We would like to push a certificate out by GPO however it is under Computer Configuration and we only have a user group (the people that need to have the certificate) so the policy would only apply to user configurations and not Computer Configurations. We can't drop the policy into the computers folder because it will apply to everyone. Is there a way to do this without coping the user's computer name into a separate folder and apply the policy?
Thanks
Server: Windows 2012R2
Computers: Windows 10 x64t
Aside from creating a new OU, the only other thing you can do is create a Group with the computers that need the certificate in it, then changing the security filtering of the GPO to allow only that group to read and apply the group policy. The computers would be able to stay in the same OU, but the policy would only be read by computers that need the certificate. Aside from those two options, it isn't possible to deploy a GPO based Trusted Root Certificate to a specific group of users.
You can achieve through loopback policy .
Refer below link :
https://blogs.technet.microsoft.com/askds/2013/02/08/circle-back-to-loopback/
https://support.microsoft.com/en-us/kb/260370
http://unixwiz.net/techtips/deploy-webcert-gp.html
Refer below link :
https://blogs.technet.microsoft.com/askds/2013/02/08/circle-back-to-loopback/
https://support.microsoft.com/en-us/kb/260370
http://unixwiz.net/techtips/deploy-webcert-gp.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.