Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md
All checks were successful
GitOps Automatic Deployment / GitOps Automatic Deployment (push) Successful in 8s
All checks were successful
GitOps Automatic Deployment / GitOps Automatic Deployment (push) Successful in 8s
This commit is contained in:
@ -161,14 +161,6 @@ At this point, we will need to focus on getting the certificate signing request
|
||||
- Right-click the CA node in the treeview on the left-hand sidebar (e.g. `BunnyLab-SubordinateCA-01`)
|
||||
- Click on "**All Tasks" > "Start Service**"
|
||||
- Verify that the CA status is now green (running).
|
||||
### Certificate Template Permissions
|
||||
Lastly, we need to adjust the security permissions of the "Domain Controller Authentication" template so that domain controllers have read permissions to the template.
|
||||
|
||||
- Right-Click ""**Certificate Templates**" > Manage
|
||||
- Right-click "**Domain Controller Authentication**" > Properties
|
||||
- Click on the "**Security**" tab
|
||||
- Under the "Domain Controllers" permission, ensure that "Allow:Read" is checked, as well as "Enroll" and "Autoenroll", then click "OK"
|
||||
- Repeat the above step except for the "**Domain Controller**" certificate template's properties instead.
|
||||
|
||||
## Create Auto-Enrollment Group Policy
|
||||
The Certificate Auto-Enrollment Group Policy enables domain-joined devices (*computers, including domain controllers*) to automatically request, renew, and install certificates from the Enterprise CA (in this case, the Subordinate CA `LAB-CA-02`).
|
||||
|
||||
Reference in New Issue
Block a user