ceritificate services

Discussion in 'Server Security' started by slawal, Oct 26, 2004.

  1. slawal

    slawal Guest

    Can anyone help me with how to setup autoenrollment of certificate for
    computers in windows 2003 server
     
    slawal, Oct 26, 2004
    #1
    1. Advertisements

  2. You can either configure Group Policy for "automatic request" for computer
    certificates in the appropriate Group Policy in security settings/PKI
    policies/automatic certificate request. You can add computer certificate for
    automatic request. This is your option if you are not using Windows 2003
    Enterprise Server and also need to issue computer certificates to Windows
    2000 computers.

    Otherwise you can use the autoenrollement by selecting a template that
    allows autenrollment and making sure that the computer accounts have
    read/enroll/autoenrollment permissions IF all the computers that need
    certificates are XP Pro/W2003 AND you are using Windows 2003 Enterprise
    Server with an enterprise certificate authority. Computer accounts are part
    of the authenticated users group or you can create a global group and add
    computer accounts to it and give that group permissions. The links below
    will help. --- Steve

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
    -- autoenrollment.

    http://www.tacteam.net/isaserverorg/exchangekit/2003autoenroll/2003autoenroll.htm
    -- Steps 1 - 5 show how to configure Group Policy for autoenrollment though
    computers/users will NOT recieve certificates unless they have
    read/enroll/autoenroll permissions for the desired template. Steps 5 -10
    shows how to configure automatic request for computer certificates. By
    default computers already have permissions to the computer template. Note
    that line ten sould read You should "now" see the Computer certificate
    template in the right pane of the console.
     
    Steven L Umbach, Oct 26, 2004
    #2
    1. Advertisements

  3. slawal

    slawal Guest

    Hey Steven,
    The link you sent me donot exist anymore . do you have any other link that
    can help.
    Slawal
     
    slawal, Oct 26, 2004
    #3
  4. Steven L Umbach, Oct 26, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.