I've been successfully testing a certificate deployment to add a certificate into trusted root on a user's machine with a TEST OU I've created and moving certain machines to it. This apply to computers rather than user accounts.
Now it's time to apply this to all our corp user computers within our domain. Just need to understand a few things. See screenshot
Based on the screenshot above, our corp users computers we put in the Managed Computers
OU. Is that where I should create the GPO?
After creating the GPO, under Security Filtering
, do I leave Authenticated Users
selected, and add Domain Computers
? Again, this GPO is computer based.
I noticed that during TESTING, although successful, the GPO never fully applied until I had to do a gpoupdate /force
command on the TEST user's machine. Even giving it a full day, I still had to force it. Shouldn't it apply to user's machine automatically after a few minutes or hours? I know all our DC's are replicated. Could that be the reason why? I'm just hoping I dont have to do a gpupdate /force for all users because that is not feasible.