Configuring Enrollment

Now you’re ready to configure enrollment, which is done through Group Policy. You can either create a new Group Policy object for this purpose or modify an existing one. The policy must be assigned to all members of the domain, so the Default Domain Policy might be your best choice; if you do not want to modify that policy, create a new policy and assign it to the entire domain. You use the Group Policy Management Console (GPMC) to do so.

You will start by configuring the group policy on the Domain Controller, then finish the configuration on the issuing CA.

1. Click Group Policy Management.
2. Right click Default Domain Policy.
3. Select Edit.
4. Expand Computer Configuration > Policies > Windows Settings > Security Settings.
5. Click Public Key Policies.
6. Double click Certificate Services Client – Auto-Enrollment.
7. Select Enabled.
8. Select the Renew Expired Certificates, Update Pending Certificates, and Remove Revoked Certificates check box.
9. Also select Update Certificates That Use Certificate Templates.
10. Click OK.

Next, configure the same setting for users.

1. Expand User Configuration > Policies.
2. Expand Windows Settings > Security Settings.
3. Click Public Key Policies.
4. Double click Certificate Services Client – Auto-Enrollment.
5. Select Enabled.
6. Select the Renew Expired Certificates, Update Pending Certificates, and Remove Revoked Certificates check box.
7. Also select Update Certificates That Use Certificate Templates.
8. Set Expiration notification.
9. Click OK.
10. Close the dialog box.
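To confirm on a domain member that both Auto-Enrollment settings above actually arrived, the following added example (not part of the original lesson) decodes the AEPolicy registry value that the policy writes for the computer and for the current user. The registry path and bit meanings are assumptions taken from Microsoft's autoenrollment documentation rather than from this lesson, and the function names are hypothetical.

```powershell
# Added example, not from the lesson. Assumed location of the policy value
# under both HKLM (Computer Configuration) and HKCU (User Configuration).
$AePath = 'Software\Policies\Microsoft\Cryptography\AutoEnrollment'

function ConvertFrom-AEPolicy {
    # Decode the AEPolicy DWORD. Assumed bit meanings:
    #   0x1    Update Certificates That Use Certificate Templates
    #   0x6    Renew Expired / Update Pending / Remove Revoked check box
    #   0x8000 auto-enrollment disabled
    param($Value)
    if ($null -eq $Value) {
        # Value absent: the policy has not been applied in this scope.
        return [pscustomobject]@{
            Configured = $false; Enabled = $false
            RenewUpdateRemove = $false; UpdateFromTemplates = $false
            MatchesLesson = $false
        }
    }
    $v        = [int]$Value
    $enabled  = ($v -band 0x8000) -eq 0
    $renew    = $enabled -and (($v -band 0x6) -eq 0x6)
    $template = $enabled -and (($v -band 0x1) -ne 0)
    [pscustomobject]@{
        Configured          = $true
        Enabled             = $enabled
        RenewUpdateRemove   = $renew
        UpdateFromTemplates = $template
        # The lesson enables the policy and selects both check boxes.
        MatchesLesson       = $enabled -and $renew -and $template
    }
}

function Get-AutoEnrollmentState {
    # HKCU reflects the user running this script, not every domain user.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key   = Join-Path $hive $AePath
        $raw   = (Get-ItemProperty -Path $key -Name AEPolicy -ErrorAction SilentlyContinue).AEPolicy
        $scope = if ($hive -eq 'HKLM:') { 'Computer' } else { 'User' }
        ConvertFrom-AEPolicy -Value $raw |
            Add-Member -NotePropertyName Scope -NotePropertyValue $scope -PassThru
    }
}

Get-AutoEnrollmentState |
    Format-Table Scope, Configured, Enabled, RenewUpdateRemove, UpdateFromTemplates, MatchesLesson
```

Run it after Group Policy has refreshed on the member (for example after `gpupdate /force`); a scope that shows Configured as False has not received the policy.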

Return to the issuing CA and move to Server Manager to set the default action your issuing CA will use when it receives certificate requests.

1. Right click CA Name and select Properties.
2. Select the Policy Modules tab.
3. Click Properties.
4. Select "Follow The Settings In The Certificate Template, If Applicable. Otherwise, Automatically Issue The Certificate."
5. Click OK.

Your issuing CA is now ready for production and will begin to issue certificates automatically when they are requested either by devices or by users.