To configure automatic certificate allocation from an enterprise CA

1. Open Active Directory Users and Computers.
2. In the console tree, double-click Active Directory Users and Computers, right-click the domain name in which your CA lives, and then click Properties.
3. On the Group Policy tab, click Default Domain Policy, and then click Edit.
4. In the console tree, right-click Automatic Certificate Request Settings, point to New, and then click Automatic Certificate Request.

   Where?

   • Computer Configuration
   • Windows Settings
   • Security Settings
   • Public Key Policies
   • Automatic Certificate Request Settings
5. When the Automatic Certificate Request wizard appears, click Next.
6. In Certificate templates, click Computer, and then click Next.

   Your enterprise root CA appears on the list.

7. Click the CA, click Next, and then click Finish.
8. To create a computer certificate for the CA computer, type the following at the command prompt:

   gpupdate /target:Computer

Notes

• XOX
• XOX

Related Topics