Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority




In this post we will see the steps for deploying the client certificate for Windows computers. This post is part of the Deploy PKI Certificates for SCCM 2012 R2 Step by Step Guide. The previous post covered the PKI certificate requirements for SCCM 2012 R2 and how to deploy the web server certificate for site systems that run IIS. The next step is to deploy the client certificate for Windows computers. You can log in with a root domain administrator account or an enterprise domain administrator account and use this account for all procedures in this example deployment.

This certificate deployment for Windows computers has the following procedures:

- Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority
- Configuring Auto-enrollment of the Workstation Authentication Template by Using Group Policy
- Automatically Enrolling the Workstation Authentication Certificate and Verifying Its Installation on Computers

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority

1. On the member server that is running the Certification Authority console, right-click Certificate Templates, and then click Manage to load the Certificate Templates management console.
2. In the results pane, right-click the entry that displays Workstation Authentication in the Template Display Name column, and then click Duplicate Template.
3. In the Duplicate Template dialog box, ensure that Windows Server 2003 is selected.
4. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the client certificates that will be used on Configuration Manager client computers, such as SCCM Client Certificate.
5. Click the Security tab, select the Domain Computers group, and select the additional permissions of Read and Autoenroll. Do not clear Enroll. Click OK and close the Certificate Templates Console.
6. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.
7. In the Enable Certificate Templates dialog box, select the new template that you have just created, SCCM Client Certificate, and then click OK. Close Certification Authority.

Configuring Auto-enrollment of the Workstation Authentication Template by Using Group Policy

1. On the domain controller, launch Group Policy Management.
2. Navigate to your domain, right-click the domain, and then select Create a GPO in this domain, and Link it here.
3. In the New GPO dialog box, enter a name for the new Group Policy, such as Autoenroll Certificates, and click OK.
4. In the results pane, on the Linked Group Policy Objects tab, right-click the new Group Policy, and then click Edit.
5. In the Group Policy Management Editor, expand Policies under Computer Configuration, and then navigate to Windows Settings > Security Settings > Public Key Policies.
6. Right-click the object type named Certificate Services Client Auto-enrollment, and then click Properties.
7. From the Configuration Model drop-down list, select Enabled, select Renew expired certificates, update pending certificates, and remove revoked certificates, select Update certificates that use certificate templates, and then click OK.
8. Close the GPMC.

Automatically Enrolling the Workstation Authentication Certificate and Verifying Its Installation on Computers

In the above steps we configured auto-enrollment of the workstation authentication template by using Group Policy. This procedure installs the client certificate on computers and verifies the installation.

1. Restart the workstation computer, and wait a few minutes before logging on.
2. Using the mmc command, open the Certificate snap-in dialog box, select Computer account, and then click Next.
3. In the Select Computer dialog box, ensure that Local computer: (the computer this console is running on) is selected, and then click Finish.
4. In the console, expand Certificates (Local Computer), expand Personal, and then click Certificates.
5. In the results pane, confirm that a certificate is displayed that has Client Authentication displayed in the Intended Purpose column, and that SCCM Client Certificate is displayed in the Certificate Template column.
6. Close the console.

You need to repeat the same steps for the member server to verify that the server that will be configured as the management point also has a client certificate. The computer is now provisioned with a Configuration Manager client certificate.
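The verification in the last procedure can also be scripted, which helps when the check has to be repeated on the member server and on many clients. The PowerShell below is an added example, not part of the original post; it assumes the template name SCCM Client Certificate used above, and the function name Test-ClientCertificate is hypothetical.

```powershell
# Added example: verify the auto-enrolled client certificate in the computer store.
$TemplateName  = 'SCCM Client Certificate'  # template name chosen on this page
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'        # Client Authentication EKU
$TemplateOid   = '1.3.6.1.4.1.311.21.7'     # Certificate Template Information (v2 templates)

function Test-ClientCertificate {           # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    # Decoded template extension text; empty when the certificate has no such extension
    $tmplExt  = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $TemplateOid }
    $tmplText = if ($tmplExt) { $tmplExt.Format($false) } else { '' }

    # Read the EKU OIDs from the extension itself rather than from a friendly name
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $clientAuth   = [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })
    $fromTemplate = $tmplText -like "*$TemplateName*"

    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        FromTemplate  = $fromTemplate
        ClientAuth    = $clientAuth
        HasPrivateKey = $Cert.HasPrivateKey
        NotAfter      = $Cert.NotAfter
        # Usable = right template, right purpose, private key present, not expired
        Usable        = $fromTemplate -and $clientAuth -and
                        $Cert.HasPrivateKey -and ($Cert.NotAfter -gt (Get-Date))
    }
}

# Personal store of the computer account, the same store the MMC steps inspect
$results = Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-ClientCertificate -Cert $_ }
$usable  = $results | Where-Object { $_.Usable }

if ($usable) {
    $usable | Format-List Subject, Thumbprint, NotAfter
} else {
    Write-Warning "No usable '$TemplateName' certificate in LocalMachine\My."
    $results | Format-Table Subject, FromTemplate, ClientAuth, HasPrivateKey, NotAfter -AutoSize
}
```

The template match relies on Windows resolving the template OID to its display name, which normally requires the computer to be joined to the domain; if it cannot, the FromTemplate column reads False even for a correctly issued certificate.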