Re: ceritificate services

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 10/26/04 

Date: Tue, 26 Oct 2004 15:09:24 -0500

I just checked both links on my end and they are working fine for me. Maybe
it will work for you in a bit. Try the "tiny" links below to see if that
helps. --- Steve

http://tinyurl.com/63w5s
http://tinyurl.com/52apx

"slawal" <slawal@discussions.microsoft.com> wrote in message
news:29C18E46-666D-400B-8A83-8095472852AC@microsoft.com...
> Hey Steven,
> The link you sent me donot exist anymore . do you have any other link that
> can help.
> Slawal
>
> "Steven L Umbach" wrote:
>
>> You can either configure Group Policy for "automatic request" for
>> computer
>> certificates in the appropriate Group Policy in security settings/PKI
>> policies/automatic certificate request. You can add computer certificate
>> for
>> automatic request. This is your option if you are not using Windows 2003
>> Enterprise Server and also need to issue computer certificates to Windows
>> 2000 computers.
>>
>> Otherwise you can use the autoenrollement by selecting a template that
>> allows autenrollment and making sure that the computer accounts have
>> read/enroll/autoenrollment permissions IF all the computers that need
>> certificates are XP Pro/W2003 AND you are using Windows 2003 Enterprise
>> Server with an enterprise certificate authority. Computer accounts are
>> part
>> of the authenticated users group or you can create a global group and add
>> computer accounts to it and give that group permissions. The links below
>> will help. --- Steve
>>
>> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
>> -- autoenrollment.
>>
>> http://www.tacteam.net/isaserverorg/exchangekit/2003autoenroll/2003autoenroll.htm
>> -- Steps 1 - 5 show how to configure Group Policy for autoenrollment
>> though
>> computers/users will NOT recieve certificates unless they have
>> read/enroll/autoenroll permissions for the desired template. Steps 5 -10
>> shows how to configure automatic request for computer certificates. By
>> default computers already have permissions to the computer template. Note
>> that line ten sould read You should "now" see the Computer certificate
>> template in the right pane of the console.
>>
>> "slawal" <slawal@discussions.microsoft.com> wrote in message
>> news:AEBDBC9C-9CAB-48E4-B3AE-99FA7BF8CBB6@microsoft.com...
>> > Can anyone help me with how to setup autoenrollment of certificate for
>> > computers in windows 2003 server
>>
>>
>>

Relevant Pages

  • Re: Re: what happens when a computer joins a domain?
    ... Using the delegation of control wizard you can delegate the creation ... DELEGWIZ.INF file look at template 6..... ... If you delegate the creation of computer accounts to a group (e.g. ...
    (microsoft.public.win2000.active_directory)
  • Re: delegated rights only allow 10 changes
    ... defined that on an OU to create computer accounts ... Using the delegation of control wizard you can delegate the creation ... Add to the DELEGWIZ.INF file a NEW template you can use ...
    (microsoft.public.win2000.active_directory)
  • Re: Please Help- How to restrict anyone from creating computer accounts in default computer cont
    ... For true delegation it is better to delegate the right to create computer ... without quotes) With this you can only delegate computer account creation at ... If you delegate the creation of computer accounts to a group (e.g. ... Add to the DELEGWIZ.INF file a NEW template you can use to ...
    (microsoft.public.windows.server.active_directory)
Quantcast