Firstly, ensure that the certificate templates you wish to auto-enroll have the appropriate permissions designated for the target machines.
Create a new GPO (e.g. Computer Policy) and link it to the OU containing all of your workstations.
Edit the GPO and navigate to User Configuration >> Windows Settings >> Security Settings >> Public Key Policies >> Certificate Services Client - Auto-Enrollment:
- Configuration Model = Enabled.
- Renew expired certificates, update pending certificates, and remove revoked certificates = Ticked.
- Update certificates that use certificate templates = Ticked.
Apply the settings and then test on the clients by issuing:
gpupdate /force
(Sometimes a restart of the computer can do the trick if the certificates are not showing up after a gpupdate.)
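To confirm on a client that the three settings above actually arrived after the gpupdate, the following is an added example and not part of the original post. The registry location and the AEPolicy bit values are general Windows behaviour rather than something the post states, and the function name ConvertFrom-AEPolicy is made up for this example.

```powershell
# Added example: check that the auto-enrollment policy reached this client.
# Assumption (not from the post): the GPO setting is stored as the AEPolicy
# DWORD under the key below, in HKCU for User Configuration and in HKLM for
# Computer Configuration.
$subKey = 'Software\Policies\Microsoft\Cryptography\AutoEnrollment'
$scopes = [ordered]@{
    'User Configuration'     = "HKCU:\$subKey"
    'Computer Configuration' = "HKLM:\$subKey"
}

# Hypothetical helper: map the AEPolicy bit flags back to the GPO dialog.
#   0x8000 = auto-enrollment disabled
#   0x0006 = "Renew expired certificates, update pending certificates,
#             and remove revoked certificates"
#   0x0001 = "Update certificates that use certificate templates"
# With Configuration Model = Enabled and both boxes ticked the value is 7.
function ConvertFrom-AEPolicy {
    param([string]$Scope, [int]$Value)
    [pscustomobject]@{
        Scope              = $Scope
        AEPolicy           = $Value
        ConfigurationModel = if ($Value -band 0x8000) { 'Disabled' } else { 'Enabled' }
        RenewUpdateRemove  = (($Value -band 0x6) -eq 0x6)
        UpdateTemplates    = (($Value -band 0x1) -eq 0x1)
    }
}

foreach ($scope in $scopes.GetEnumerator()) {
    $policy = Get-ItemProperty -Path $scope.Value -Name AEPolicy -ErrorAction SilentlyContinue
    if ($null -eq $policy) {
        # Key or value missing: the GPO has not applied in this scope.
        Write-Output "$($scope.Key): AEPolicy not set"
        continue
    }
    ConvertFrom-AEPolicy -Scope $scope.Key -Value $policy.AEPolicy
}

# Ask the auto-enrollment client to run now instead of waiting for its timer.
certutil -user -pulse | Out-Null   # user context
certutil -pulse | Out-Null         # machine context

# List what is in the personal stores so newly enrolled certificates show up.
foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    Write-Output "--- $store ---"
    Get-ChildItem -Path $store |
        Select-Object Subject, Issuer, NotAfter |
        Format-Table -AutoSize
}
```

If AEPolicy shows up in only one of the two scopes, that tells you whether the setting was applied under User Configuration or Computer Configuration, and therefore which personal store the certificates will be enrolled into.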