Improve company productivity with a Business Account.Sign Up

x
?
Solved

Install a certificate via GPO

Posted on 2016-09-07
3
Medium Priority
?
72 Views
Last Modified: 2016-09-08
Currently we are manually adding certificates by this method:

1.) Open MMC.exe
2.) Add Snap In (Computer Account)
3.) Certificates
4.) Open Certificates\Trusted Root Certification Authorities\Certificates
5.) Right click on the Certificates Folder and import

We would like to push a certificate out by GPO however it is under Computer Configuration and we only have a user group (the people that need to have the certificate) so the policy would only apply to user configurations and not Computer Configurations. We can't drop the policy into the computers folder because it will apply to everyone. Is there a way to do this without coping the user's computer name into a separate folder and apply the policy?
Thanks



Server: Windows 2012R2
Computers: Windows 10 x64t
0
Comment
Question by:CityInfoSys
  • 2
3 Comments
 
LVL 44

Expert Comment

by:Adam Brown
ID: 41788823
Aside from creating a new OU, the only other thing you can do is create a Group with the computers that need the certificate in it, then changing the security filtering of the GPO to allow only that group to read and apply the group policy. The computers would be able to stay in the same OU, but the policy would only be read by computers that need the certificate. Aside from those two options, it isn't possible to deploy a GPO based Trusted Root Certificate to a specific group of users.
0
 
LVL 44

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 41789086
Loopback policy allows User policies to apply to users that log in to computers the policy applies to. It will not assist in resolving this issue, which is where a Computer policy needs to apply to a specific set of users. There is, unfortunately, no way to accomplish this particular task without knowing the computers that those users will be logging in to, then applying the policy specifically to those computers. The only methods of accomplishing that task is to group the computers into an OU or Security Group, then either link the GPO to the OU or configure security filtering so the Security group is the only group that can apply the policy.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question