Installation of CA trust anchor for remote users
Hi Folks, I have a Windows Server 2008r2 Domain Controller and Certificate Authority. I have the 3 various web services Role Services also installed. Things are working quite well. I have remote uses. They need to install the CA Trust Anchor on their various machines. How do they do this without exporting the Trust Anchor to removable media and visiting each machine? Full Disclosure: I tried http://.../CertSrv and that almost works correctly. I am offered the correct Trust Anchor and I have the chance to install it, but if I don't explicitly declare "Please install the certificate in the "Trusted Root Certificate Authorities" store, then I have NO idea where it actually goes and I can't find it. I can't expect my users to know and understand this. Automatic installation must work correctly, and that is really the substance of my question. How do I get the automatic installation to do the right thing? Thanks for the help, Chris.
August 17th, 2012 3:13pm

HI Chris for the machine in the domain or forest you can deploy it via the GPO under both user and computer :policies\windows setting\security setting\Public Key services\TrustedRoot Certification Autorities\ add your Root certificate there, this will automatic deploy it on all PC and User where the GPO is apply. if you try to to this for user where the computer is not part of your domain , and they will be enroll via the web enrollment ii little modification of the webpage do the job by adding a javascript to install in the user browser in the TRusted Root store , Stef71
Free Windows Admin Tool Kit Click here and download it now
August 18th, 2012 12:00am

Hi Stef, I didn't say it explicitly, but I think it is clear from context that my remote users are not members of the domain, and therefore Group Policy has no jurisdiction over them.Thanks for the help, Chris.
August 20th, 2012 1:35pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics