From a1e2649c21b9ef5662da5f5c412a902ff559ca9b Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Wed, 23 Jul 2025 16:22:28 -0600 Subject: [PATCH] Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md --- .../Roles/Active Directory Certificate Services.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md index 049159e..3616e5b 100644 --- a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md +++ b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md @@ -161,14 +161,6 @@ At this point, we will need to focus on getting the certificate signing request - Right-click the CA node in the treeview on the left-hand sidebar (e.g. `BunnyLab-SubordinateCA-01`) - Click on "**All Tasks" > "Start Service**" - Verify that the CA status is now green (running). -### Certificate Template Permissions -Lastly, we need to adjust the security permissions of the "Domain Controller Authentication" template so that domain controllers have read permissions to the template. - -- Right-Click ""**Certificate Templates**" > Manage - - Right-click "**Domain Controller Authentication**" > Properties - - Click on the "**Security**" tab - - Under the "Domain Controllers" permission, ensure that "Allow:Read" is checked, as well as "Enroll" and "Autoenroll", then click "OK" - - Repeat the above step except for the "**Domain Controller**" certificate template's properties instead. ## Create Auto-Enrollment Group Policy The Certificate Auto-Enrollment Group Policy enables domain-joined devices (*computers, including domain controllers*) to automatically request, renew, and install certificates from the Enterprise CA (in this case, the Subordinate CA `LAB-CA-02`).