Computer Certificates for Clients

If a computer account is a member of the forest, installing a computer certificate allows the computer to connect to the network before a user logs on to the computer. This enables application of the following:

■ Computer Group Policy Objects (GPOs)

■ Logon scripts configured within a user-assigned GPO

If the computer is not issued a certificate, users log on to the computer with cached credentials. Only after the logon process is complete do users gain access to their Client Authentication certificates, permitting them to connect to the corporate network.

The Workstation Authentication or Computer certificate template can be used to provide the client computer a certificate with the Client Authentication application policy OID. A universal or global group containing the computer account must be assigned Read, Enroll, and Autoenroll permissions for the Workstation Authentication certificate or Read and Enroll permissions for the Computer certificate.
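To confirm that a client actually received such a certificate, the computer store can be inspected locally. The following PowerShell is an added example, not part of the original text; the function name `Get-ComputerClientAuthCertificate` is hypothetical, and it assumes it is run on the client with rights to read `Cert:\LocalMachine\My`.

```powershell
# Added example: find computer certificates usable for pre-logon network authentication.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication application policy / EKU OID
# Template extensions: Certificate Template Name (v1) and Certificate Template Information (v2+)
$TemplateOids = @('1.3.6.1.4.1.311.20.2', '1.3.6.1.4.1.311.21.7')

function Get-ComputerClientAuthCertificate {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $ekus = @()
        $template = $null
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekus += $oid.Value }
            }
            elseif ($TemplateOids -contains $ext.Oid.Value) {
                # Decoded template name or template OID/version, as Windows formats it
                $template = $ext.Format($false)
            }
        }
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            Template      = $template
            # Only an explicit Client Authentication OID counts here;
            # certificates with no EKU extension are reported as $false.
            HasClientAuth = $ekus -contains $ClientAuthOid
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        }
    }
}

# A certificate is usable only if it carries the OID, has its private key, and is in date.
$usable = Get-ComputerClientAuthCertificate |
    Where-Object { $_.HasClientAuth -and $_.HasPrivateKey -and $_.InValidity }

if ($usable) {
    $usable | Format-List
}
else {
    Write-Warning 'No valid computer certificate with the Client Authentication OID was found.'
}
```

If the warning appears on a machine that should have enrolled, check that the computer account is in the group holding the template permissions described above.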

