Re: autoenrollment/autorenewal

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 10/07/04


Date: Wed, 6 Oct 2004 18:30:07 -0500

Autoenrollment is not tied to any particular VPN server. It is a Group
Policy setting that allows computers and users to automatically receive
certificates defined in the Group Policy setting. Those certificates can be
used domain wide, or anywhere they are trusted, meaning that when they are
used for authentication, the server they are being presented to for
authentication has a valid copy of the Certificate Authority's certificate
in its trusted root certificates store. --- Steve

"Paul Company" <pjc@callwave.com> wrote in message
news:OKMcSN9qEHA.896@TK2MSFTNGP12.phx.gbl...
> I currently have two L2TP/IPSEC VPN servers which run Windows 2003 Standard
> Edition, but I want to take advantage of autoenrollment/autorenewal which is
> only supported by Windows 2003 Enterprise.
>
> Most of our VPN clients are XP.
>
> Is autoenrollment/autorenewal tied to the VPN server, or can I have a single
> machine running Windows 2003 Enterprise (that's not a VPN server) that
> handles autoenrollment/autorenewal for my VPN clients which connect to our
> two VPN servers running Windows 2003 Standard Edition.
>
> Here are some links explaining autoenrollment/autorenewal:
>
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_CS_whatsnew.asp
>
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_CS_userauto_example.asp
>
> http://www.serverwatch.com/tutorials/article.php/3084941
>
>
> Thanks,
>
> paul
>
>
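
The trust condition described in the reply above can be checked on each VPN server. The following is an added example, not part of the original thread: it assumes PowerShell is available on the server, and the function name Test-CertRootTrust is hypothetical. It builds the chain for each computer certificate in the machine's Personal store and reports whether the chain ends in a certificate held in that machine's Trusted Root store.

```powershell
# Added example (not from the original thread). Test-CertRootTrust is a hypothetical name.
# Run on the machine that must accept the certificates, e.g. each VPN server.
function Test-CertRootTrust {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # $true = build the chain in machine context, so per-user trust is not consulted
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)

    # Skip revocation lookups so the result reflects root trust and validity dates only
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    $chainValid = $chain.Build($Certificate)

    # Last element is the top of whatever chain could be built; if an issuer
    # certificate is missing, this is not a root and the lookup below fails.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    $inRootStore = [bool](Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $top.Thumbprint })

    [pscustomobject]@{
        Subject            = $Certificate.Subject
        NotAfter           = $Certificate.NotAfter   # expiry; relevant to autorenewal
        ChainTop           = $top.Subject
        RootInTrustedStore = $inRootStore
        ChainValid         = $chainValid
        Problems           = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Check every computer certificate installed on this machine
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-CertRootTrust -Certificate $_ }
```

A row with RootInTrustedStore set to False means this machine does not hold the issuing CA's root certificate, which is the condition the reply says must be met for authentication to succeed.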


