Automatic certificate enrollment for user certs - Question
Hello,
We have a Windows 2008 R2 domain, and on one server we have installed an AD-integrated certificate authority (CA). We have duplicated the user certificate template and granted the auto-enroll permission to domain users. Furthermore, we have created a group policy that auto-enrolls the user certificate at logon.
What works is: when a user who does not yet have a user certificate logs in at a computer, seconds after login the user certificate is automatically enrolled via GPO and saved on the computer (local certificate store, certificates). The cert is stored in the user object in Active Directory.
I set the option not to request a new certificate if there is one valid registered and available in Active Directory.
I realized that when a user logs in on a computer, a new certificate is not requested and enrolled (this is OK), but the available certificate of the user is not automatically installed on the computer itself (local store). It seems the certificate is installed on the computer on which the user was logged on when the certificate was requested.
Is there a possibility to configure that users automatically get their certificates installed in a computer's local certificate store when the user has a valid cert in Active Directory?
Greetings
Flo
You have 2 options:
1) use smart cards;
2) use the Credential Roaming service.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Check out new: PowerShell FCIV tool.
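To see the situation described in this thread on a given machine, the following PowerShell is an added example and not part of the original posts. It assumes a domain-joined computer and is run as the affected user; it reads the certificates published in the user's `userCertificate` attribute (public certificates only, no private keys) and reports whether each one is present with a private key in the local `CurrentUser\My` store.

```powershell
# Added example (not from the thread). Run as the affected user on a
# domain-joined computer. Read-only: nothing is enrolled, imported or changed.

# Look up the current user's AD object and load the published certificates.
$filter   = '(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))' -f $env:USERNAME
$searcher = [adsisearcher]$filter
$searcher.PropertiesToLoad.Add('usercertificate') | Out-Null
$result = $searcher.FindOne()
if (-not $result) { throw "User $env:USERNAME not found in Active Directory." }

# Index the local personal store by thumbprint.
$local = @{}
Get-ChildItem Cert:\CurrentUser\My | ForEach-Object { $local[$_.Thumbprint] = $_ }

$now = Get-Date
foreach ($raw in $result.Properties['usercertificate']) {
    # Each value is a DER-encoded certificate; the comma passes the byte
    # array as a single constructor argument.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,[byte[]]$raw)
    $match = $local[$cert.Thumbprint]

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        ValidNow      = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        InLocalStore  = [bool]$match
        HasPrivateKey = [bool]($match -and $match.HasPrivateKey)
    }
}
```

A row with `ValidNow` true and `HasPrivateKey` false is the case from the question: autoenrollment sees a valid certificate in AD and does not request a new one, but the key pair exists only where it was originally enrolled.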