Hello all, I've been asked to look into the feasibility of issuing computer certificates from a 2008 R2 enterprise CA to client machines and have the machine leverage its TPM chip for private key storage. The idea is to completely avoid the possibility of someone being able to make copies of the certificate & keypair without having to deploy smart cards. I was wondering if anyone has actually achieved this, and how difficult it was. Thanks in advance!