I'm setting up a new 2012 R2 CA that will be used for distributing Config Manager 2012R2 client certificates to Windows 7 and 8.1 laptops that will be primarily Internet based as well as for other purposes for servers as old as Server 2008.
They will connect to VPN or come into the LAN to receive their certificates and client software.
The changes I have made from the default workstation certificate are as follows:
Created custom template name.
Certification Authority: Windows Server 2012 R2
Certificate recipient: Windows Vista/2008
Security: Domain Computers, allow read, enroll, autoenroll
Subject name format: None. Include this information in alternate subject name: DNS name (may be default)
Everything else is set from default settings from workstation authentication template, (1 year validity, 6 week renewal etc.)
Does anything need to be changed before I start allowing workstations to autoenroll using this template?
- Edited by MyGposts Wednesday, May 27, 2015 12:36 AM