Auto enrollment of computer certificate

In this article I shall show you how to auto-enroll computer certificates for Active Directory computers. The method is almost the same as auto-enrollment of user certificates, but you need a different group policy for computer certificates. I am using the same three systems as in the previous articles:

Domain controller: W7cloud.com

CA server: CA.w7cloud.com, which has the certificate authority role installed on it. You can learn more about installing the certificate authority role on Server 2008.

Test Client: PC3.w7cloud.com

You can issue the computer certificate by creating a duplicate of the template in Certificate Templates, or you can use the default Computer certificate template as it is; you will find it in Certificate Templates (under your domain tab in the CA role) on your CA server. Here I am using the default computer certificate instead of creating a duplicate template. We just need to define a group policy for auto-enrollment.

GPO for computer certificate

Create a Group Policy object for auto-enrollment of the computer certificate and edit it. Under Computer Configuration\Policies\Security Settings\Public Key Policies, open the properties of "Certificate Services Client" and enable it for auto-enrollment.

Certificate services client enabling autoenrollment

Then, under Computer Configuration\Policies\Security Settings\Public Key Policies, use Automatic Certificate Request to request the computer certificate. This process is a small wizard in which you just need to select the computer certificate for auto-enrollment.

Automatic Certificate Request

For testing, log on to a computer in your domain; I am using the test client PC3.w7cloud.com. Open the MMC console, add the Certificates snap-in and select the computer account from the given options. You will find the computer certificate there under the Personal folder.

Computer certificate on MMC

Tip: For quick enrollment you can run the gpupdate command in an administrative command prompt, and restart your client system if needed.
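The same check can be scripted instead of clicking through MMC. The PowerShell below is an added example, not part of the original article; it assumes an elevated session on the test client, and `$IssuerMatch` is a hypothetical parameter you can set to part of your CA's name to narrow the list.

```powershell
# Added example: verify computer certificate auto-enrollment on a domain client.
param(
    # Hypothetical parameter: part of your issuing CA's name; empty lists every certificate.
    [string]$IssuerMatch = ''
)

# 1. Refresh computer policy, then trigger the auto-enrollment task immediately.
gpupdate /target:computer /force | Out-Null
certutil -pulse | Out-Null

# 2. Confirm the "Certificate Services Client - Auto-Enrollment" setting reached this machine.
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
$policy = Get-ItemProperty -Path $key -Name AEPolicy -ErrorAction SilentlyContinue
if ($null -eq $policy) {
    Write-Warning 'AEPolicy is not set: the auto-enrollment GPO has not applied to this computer.'
} else {
    'AEPolicy = 0x{0:X}' -f $policy.AEPolicy
}

# 3. Inspect the computer's Personal store (the folder shown in the MMC snap-in).
#    Template name lives in one of two extensions: v1 (...311.20.2) or v2 (...311.21.7).
$templateOids = '1.3.6.1.4.1.311.20.2', '1.3.6.1.4.1.311.21.7'
$now = Get-Date
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*$IssuerMatch*" } |
    ForEach-Object {
        $tpl = $_.Extensions |
            Where-Object { $_.Oid.Value -in $templateOids } |
            Select-Object -First 1
        [pscustomobject]@{
            Subject       = $_.Subject
            Issuer        = $_.Issuer
            Template      = if ($tpl) { $tpl.Format($false) } else { '(none)' }
            EKU           = ($_.EnhancedKeyUsageList.FriendlyName -join ', ')
            HasPrivateKey = $_.HasPrivateKey   # must be True for the certificate to be usable
            CurrentlyValid = ($_.NotBefore -le $now -and $_.NotAfter -gt $now)
            NotAfter      = $_.NotAfter
            Thumbprint    = $_.Thumbprint
        }
    } | Format-List
```

An enrolled machine should show an entry whose Issuer is your CA, with HasPrivateKey and CurrentlyValid both True; a certificate whose issuer you do not recognise in this store is worth investigating.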

 

Waqas Azam
I am Waqas Azam, a professional blogger and freelance writer. I have also been working in the IT industry for over 7 years. I graduated in Computer Science and Information Technology.