windows-itpro-docs/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
2022-12-08 16:56:46 -05:00

---
title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows)
description: Learn how to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network.
ms.assetid: faeb62b5-2cc3-42f7-bee5-53ba45d05c09
ms.reviewer: jekrynit
ms.author: paoloma
ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: paolomatarazzo
manager: aaroncz
audience: ITPro
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: itpro-security
appliesto:
  - <b>Windows 10</b>
  - <b>Windows 11</b>
  - <b>Windows Server 2016</b>
  - <b>Windows Server 2019</b>
  - <b>Windows Server 2022</b>
---

Configure Group Policy to Autoenroll and Deploy Certificates

You can use this procedure to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network. Follow this procedure for each GPO that contains IPsec connection security rules that require this certificate.

Administrative credentials

To complete these procedures, you must be a member of both the Domain Admins group in the root domain of your forest and the Enterprise Admins group.

To configure Group Policy to autoenroll certificates

  1. Open the Group Policy Management console.

  2. In the navigation pane, expand Forest: YourForestName, expand Domains, expand YourDomainName, expand Group Policy Objects, right-click the GPO you want to modify, and then click Edit.

  3. In the navigation pane, expand the following path: Computer Configuration, Policies, Windows Settings, Security Settings, Public Key Policies.

  4. Double-click Certificate Services Client - Auto-Enrollment.

  5. In the Properties dialog box, change Configuration Model to Enabled.

  6. Select both "Renew expired certificates, update pending certificates, and remove revoked certificates" and "Update certificates that use certificate templates".

  7. Click OK to save your changes. Computers apply the GPO and download the certificate the next time Group Policy is refreshed.
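
To confirm on a client that the GPO from the procedure above has applied, the following added example (not part of the original page) refreshes computer policy, triggers autoenrollment, and reports the policy state and the certificates in the computer's Personal store. It assumes the setting is stored as the `AEPolicy` registry value shown and that `7` is the value written when both check boxes in step 6 are selected; `Get-AutoEnrollmentState` is a hypothetical helper name.

```powershell
# Added example: run in an elevated PowerShell session on a client in scope of the GPO.
# Assumption (not from the page): the Auto-Enrollment policy is stored as the
# AEPolicy DWORD under this key, and 7 means "Enabled" with both options of step 6.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
$Expected  = 7

# Hypothetical helper: reads the applied policy and compares it with the expected value.
function Get-AutoEnrollmentState {
    $item = Get-ItemProperty -Path $PolicyKey -Name AEPolicy -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Key or value missing: the GPO has not reached this computer.
        return [pscustomobject]@{ Configured = $false; AEPolicy = $null; MatchesStep6 = $false }
    }
    [pscustomobject]@{
        Configured   = $true
        AEPolicy     = ('0x{0:X}' -f $item.AEPolicy)
        MatchesStep6 = ($item.AEPolicy -eq $Expected)
    }
}

# Refresh computer policy now instead of waiting for the next refresh (step 7).
gpupdate /target:computer /force | Out-Null

# Ask the certificate services client to process autoenrollment immediately.
certutil -pulse | Out-Null

Get-AutoEnrollmentState | Format-List

# List computer certificates so the enrolled certificate and its expiry can be checked.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, Issuer, NotBefore, NotAfter, Thumbprint,
        @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - (Get-Date)).TotalDays } } |
    Sort-Object NotAfter |
    Format-Table -AutoSize
```

If `Configured` is false, check that the computer account is in scope of the GPO; if the policy matches but no certificate appears, the cause is outside this procedure.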