Guest Sean Posted August 9, 2007 Posted August 9, 2007 Hi I'm trying to clean up our Active Directory Group Policies and we have quite a few that were configured by my predecessor and his predecessor ad infinitum... Some of the stuff I can see straight away why it's configured but other things I've never come across and I'm unsure how to proceed. One of these things is Autoenrollment of Certificates in Group Policy under User Configuration > Windows Settings > Security Settings > Public Key Policies/Autoenrollment Settings. This is enabled under my Default Domain GPO and in another GPO for All Staff in the next branch down. Any assistance much appreciated. Sean
Guest Myweb Posted August 9, 2007 Posted August 9, 2007 Re: Autoenrollment - What does it do? Why do I need it? Hello Sean, Seems that you have a Certification Authority server in your domain, have a look here about Autoenrollment: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx Best regards Myweb Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. > Hi > > I'm trying to clean up our Active Directory Group Policies and we have > quite a few that were configured by my predecessor and his predecessor > ad infinitum... > > Some of the stuff I can see straight away why it's configured but > other things I've never come across and I'm unsure how to proceed. > > One of these things is Autoenrollment of Certificates in Group Policy > under > > User Configuration > Windows Settings > Security Settings > Public Key > Policies/Autoenrollment Settings. > > This is enabled under my Default Domain GPO and in another GPO for All > Staff in the next branch down. > > Any assistance much appreciated. > > Sean >
Guest Sean Posted August 9, 2007 Posted August 9, 2007 Re: Autoenrollment - What does it do? Why do I need it? I can't think why we have one to be honest, I don't think we have anything that requires a valid CA for authentication, unless it's just part and parcel of the domain. I have an idea it was setup like that a couple of years back to allow an administrator access to decrypt something as there is one certificate in group policy in our domain that expired sometime last year for decrypting something??? Sean "Myweb" <meiweb@gmx.de> wrote in message news:ff16fb6649b8a8c9a8c97463bead@msnews.microsoft.com... > Hello Sean, > > Seems that you have a Certification Authority server in your domain, have > a look here about Autoenrollment: > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx > > Best regards > > Myweb > Disclaimer: This posting is provided "AS IS" with no warranties, and > confers no rights. > >> Hi >> >> I'm trying to clean up our Active Directory Group Policies and we have >> quite a few that were configured by my predecessor and his predecessor >> ad infinitum... >> >> Some of the stuff I can see straight away why it's configured but >> other things I've never come across and I'm unsure how to proceed. >> >> One of these things is Autoenrollment of Certificates in Group Policy >> under >> >> User Configuration > Windows Settings > Security Settings > Public Key >> Policies/Autoenrollment Settings. >> >> This is enabled under my Default Domain GPO and in another GPO for All >> Staff in the next branch down. >> >> Any assistance much appreciated. >> >> Sean >> > >
Recommended Posts