Autoenrollment - What does it do? Why do I need it?

  • Thread starter Thread starter Sean
  • Start date Start date
S

Sean

Guest
Hi

I'm trying to clean up our Active Directory Group Policies and we have quite
a few that were configured by my predecessor and his predecessor ad
infinitum...

Some of the stuff I can see straight away why it's configured but other
things I've never come across and I'm unsure how to proceed.

One of these things is Autoenrollment of Certificates in Group Policy under

User Configuration > Windows Settings > Security Settings > Public Key
Policies/Autoenrollment Settings.

This is enabled under my Default Domain GPO and in another GPO for All Staff
in the next branch down.

Any assistance much appreciated.

Sean
 
Re: Autoenrollment - What does it do? Why do I need it?

Hello Sean,

Seems that you have a Certification Authority server in your domain, have
a look here about Autoenrollment:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx

Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

> Hi
>
> I'm trying to clean up our Active Directory Group Policies and we have
> quite a few that were configured by my predecessor and his predecessor
> ad infinitum...
>
> Some of the stuff I can see straight away why it's configured but
> other things I've never come across and I'm unsure how to proceed.
>
> One of these things is Autoenrollment of Certificates in Group Policy
> under
>
> User Configuration > Windows Settings > Security Settings > Public Key
> Policies/Autoenrollment Settings.
>
> This is enabled under my Default Domain GPO and in another GPO for All
> Staff in the next branch down.
>
> Any assistance much appreciated.
>
> Sean
>
 
Re: Autoenrollment - What does it do? Why do I need it?

I can't think why we have one to be honest, I don't think we have anything
that requires a valid CA for authentication, unless it's just part and
parcel of the domain.

I have an idea it was setup like that a couple of years back to allow an
administrator access to decrypt something as there is one certificate in
group policy in our domain that expired sometime last year for decrypting
something???

Sean

"Myweb" <meiweb@gmx.de> wrote in message
news:ff16fb6649b8a8c9a8c97463bead@msnews.microsoft.com...
> Hello Sean,
>
> Seems that you have a Certification Authority server in your domain, have
> a look here about Autoenrollment:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
>
> Best regards
>
> Myweb
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
>
>> Hi
>>
>> I'm trying to clean up our Active Directory Group Policies and we have
>> quite a few that were configured by my predecessor and his predecessor
>> ad infinitum...
>>
>> Some of the stuff I can see straight away why it's configured but
>> other things I've never come across and I'm unsure how to proceed.
>>
>> One of these things is Autoenrollment of Certificates in Group Policy
>> under
>>
>> User Configuration > Windows Settings > Security Settings > Public Key
>> Policies/Autoenrollment Settings.
>>
>> This is enabled under my Default Domain GPO and in another GPO for All
>> Staff in the next branch down.
>>
>> Any assistance much appreciated.
>>
>> Sean
>>

>
>
 
Back
Top