Automatic Certificate Request and renewal function
Will the "Automatic Certificate Request" function in GPO renew a computer certificate when it is about to expire (reaches its renewal period)?
If not, how can I renew them remotely (without direct interaction on the user's computer)? (Without using the autoenrollment function - it is a v1 template and I have Windows 2003 Std with an enterprise CA.)
May 27th, 2011 9:50am
Hi, you can check the following paragraph in the article:
Automatic Computer Certificate Enrollment and Renewal
You can use the Automatic Certificate Request Setup wizard (available from the Public Key section of the Group Policy console) to configure autoenrollment for computer certificates. Autoenrollment is not available for user certificates and does not function unless an enterprise CA is online to process certificate requests. You can configure autoenrollment for Computer, Domain Controller, and IPSec certificates.
When autoenrollment is configured, the specified certificate types are issued automatically to all computers that are within the scope of the Public Key Group Policy and to all computers that have Enroll permissions for that certificate type. Autoenrollment certificates are issued the next time the computer logs on to the network.
For example, if you configure autoenrollment for Computer certificates, the certificates are issued to all computers in the Domain Computers security group that are within the scope of the Public Key Group Policy. By default, all Windows 2000 computers are members of the Domain Computers security group, except for domain controllers, Routing and Remote Access servers, and Internet Authentication Services (IAS) servers. You can control which computers receive the Computer certificates by modifying the ACLs for the Computer certificate templates, for example, to grant Enroll permissions to a special security group composed of computers that you designate. Computers within the scope of the Public Key Group Policy that are members of the special security group are then issued Computer certificates the next time they log on to the network.
In addition, you also can use organizational units (OUs) and Public Key Group Policy for those OUs to restrict autoenrollment to certain groups of computers. For example, you might create an IPSec Authentication OU that contains the Windows 2000 clients that you designate for IPSec authentication with certificates. To limit the scope of autoenrollment for IPSec certificates, configure Public Key Group Policy and autoenrollment for the IPSec Authentication OU.
When autoenrollment is configured, the Computer certificates that are issued by autoenrollment also are automatically renewed from the enterprise issuing CA. You can also renew Computer certificates manually with the Certificate Renewal wizard or through the Certificate Services Web Enrollment Support pages.
For detailed information, you can check the following link:
Certificate Enrollment and Renewal Methods
http://technet.microsoft.com/en-us/library/cc962066.aspx
June 1st, 2011 2:48am


