IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

3.6.1-2 Auto Enroll policy GPO test-Duplicate and configure User Certificate Template permissions WS 2012

Welcome back from subpart 1: "Intro and Publish CT – Duplicate and configure the user certificate template permissions to enable autoenrollment".

This is 2nd one: "Auto Enroll policy GPO and Test"!

[00:14] Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure.

3 6 1 2 Auto Enroll policy GPO test Duplicate and configure User Certificate Template permissions WS 2012 | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

On a domain controller running Windows Server 2008 R2 or Windows Server 2008, click Start, point to Administrative Tools, and then click Group Policy Management.

Open up Group Policy Management from Administrative Tools to set auto-enroll of this certificate up.

[00:42] In this lab, we will create a separate GPO by click Create a GPO in this domain, and Link it here… to create a new auto enroll policy.

3 6 1 2 Auto Enroll policy GPO test Duplicate and configure User Certificate Template permissions WS 2012 | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

[01:22] "Public Key Infrastructure Part 7 – Enrollment and Auto-enrollment" – tech-coffee.net

3 6 1 2 Auto Enroll policy GPO test Duplicate and configure User Certificate Template permissions WS 2012 | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

http://www.tech-coffee.net/public-key-infrastructure-part-7-enrollment-auto-enrollment/

[01:26] "Active Directory Domain Controllers and certificate auto-enrollment" – morgansimonsen.com

3 6 1 2 Auto Enroll policy GPO test Duplicate and configure User Certificate Template permissions WS 2012 | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

https://morgansimonsen.com/2013/06/25/active-directory-domain-controllers-and-certificate-auto-enrollment/

[01:32] Edit this policy through Group Policy Management Editor (GPMC), go to User Configuration, Windows Settings, Security Settings, and then click Public Key Policies.

3 6 1 2 Auto Enroll policy GPO test Duplicate and configure User Certificate Template permissions WS 2012 | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

+ Renew expired certificates, update pending certificates, and remove revoked certificates enables autoenrollment for certificate renewal, issuance of pending certificate requests, and the automatic removal of revoked certificates from a user's certificate store.

[02:20] + Update certificates that use certificate templates enable autoenrollment for the issuance of certificates that supersede issued certificates.

3 6 1 2 Auto Enroll policy GPO test Duplicate and configure User Certificate Template permissions WS 2012 | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

[02:31] "Configure Certificate Autoenrollment" – technet.microsoft.com

3 6 1 2 Auto Enroll policy GPO test Duplicate and configure User Certificate Template permissions WS 2012 | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731522(v=ws.11)

[02:37] "Windows 2008 PKI / Certificate Authority (AD CS) basics" – corelan.be

3 6 1 2 Auto Enroll policy GPO test Duplicate and configure User Certificate Template permissions WS 2012 | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

https://www.corelan.be/index.php/2008/07/14/windows-2008-pki-certificate-authority-ad-cs-basics/

[02:46] You may wonder that after only a few steps: the cert duplication, permissions were configured, the Group Policy deployment and update gpupdate /force; the cert now isn't distributed as expected?

3 6 1 2 Auto Enroll policy GPO test Duplicate and configure User Certificate Template permissions WS 2012 | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

Request Certificates

You can request the following types of certificates. Select the certificates you want to request, and then click Enroll.

Select the Show all templates option to see at least, the CT is available but it's STATUS: Unavailable.

Fortunately, in this case, we got it!

Check out my part 2 video about this Auto-Enroll: "Troubleshooting after the User certificate template duplication, permissions, and Group Policy configurations".

Have some knowledge about deployment error symptoms: CT publishing, GP scope, security principals, etc. , as well as the fundamental of PKI/Certificate Auto-Enrollment, can shape your administrative skills!

[03:46]

[SHAZAM]


http://shazam.marvel-it.icu/s=b61abe74&f=RZH8L4Tx

[YOUTUBE]
Auto Enroll policy GPO test-Duplicate and configure User Certificate Template permissions WS 2012

Tags

Related Articles

Back to top button