Welcome back from subpart 1: "Intro and Publish CT – Duplicate and configure the user certificate template permissions to enable autoenrollment".
This is the second one: "Auto Enroll policy GPO and Test"!
[00:14] Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure.
On a domain controller running Windows Server 2008 R2 or Windows Server 2008, click Start, point to Administrative Tools, and then click Group Policy Management.
Open up Group Policy Management from Administrative Tools to set up auto-enrollment of this certificate.
[00:42] In this lab, we will create a separate GPO by clicking Create a GPO in this domain, and Link it here… to create a new auto-enroll policy.
[01:22] "Public Key Infrastructure Part 7 – Enrollment and Auto-enrollment" – tech-coffee.net
[01:26] "Active Directory Domain Controllers and certificate auto-enrollment" – morgansimonsen.com
[01:32] Edit this policy through Group Policy Management Editor (GPMC), go to User Configuration, Windows Settings, Security Settings, and then click Public Key Policies.
+ Renew expired certificates, update pending certificates, and remove revoked certificates enables autoenrollment for certificate renewal, issuance of pending certificate requests, and the automatic removal of revoked certificates from a user's certificate store.
[02:20] + Update certificates that use certificate templates enables autoenrollment for the issuance of certificates that supersede issued certificates.
[02:31] "Configure Certificate Autoenrollment" – technet.microsoft.com
[02:37] "Windows 2008 PKI / Certificate Authority (AD CS) basics" – corelan.be
[02:46] You may wonder why, after only a few steps (the cert duplication, the permissions configuration, the Group Policy deployment and an update with gpupdate /force), the cert still isn't distributed as expected.
You can request the following types of certificates. Select the certificates you want to request, and then click Enroll.
Select the Show all templates option to see that the CT is at least available, but its STATUS is Unavailable.
Fortunately, in this case, we got it!
Check out my part 2 video about this Auto-Enroll: "Troubleshooting after the User certificate template duplication, permissions, and Group Policy configurations".
Having some knowledge of deployment error symptoms (CT publishing, GP scope, security principals, etc.), as well as the fundamentals of PKI/Certificate Auto-Enrollment, can shape your administrative skills!