Automatic Certificate Request Settings

ACRS is an automated enrollment process that is available in Windows 2000 Certificate Services and remains available in Windows Server 2003 Certificate Services. ACRS provides a method to automatically distribute certificates, but the supported scenarios are limited:

■ Certificates can be distributed to Windows 2000, Windows XP, and Windows Server 2003 computers that are domain members.

■ Only version 1 certificate templates can be distributed.

■ Certificates cannot be distributed to user accounts.

Although limited, ACRS is useful for distributing Computer or IPSec certificates to all computers in a domain. To enable ACRS:

1. From Administrative Tools, open Active Directory Users and Computers.

2. In the console tree, right-click the domain or OU where you want to implement the Automatic Certificate Request Settings Group Policy setting and click Properties.

Note You can also define the ACRS Group Policy setting at a site by using the Active Directory Sites and Services console.

3. In the DomainName or OUName Properties dialog box, on the Group Policy tab, create and edit a new Group Policy Object (GPO), or link and edit an existing GPO.

4. In the Group Policy Object Editor, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Public Key Policies, and click Automatic Certificate Request Settings.

5. In the console tree, right-click Automatic Certificate Request Settings, point to New, and click Automatic Certificate Request.

6. In the Automatic Certificate Request Setup Wizard, click Next.

7. In the Certificate Template page, in the list of available certificate templates, choose the version 1 certificate template for computers to you want to deploy automatically, and click Next.

8. In the Automatic Certificate Request Setup Wizard, click Finish.

+2 0

Post a comment