Hi all; Can any one explain me what -pluse switch do when using with "certutil" tool? Thanks

Certutil -pulse will initiate autoenrollment requests. It is equivalent to doing the following in the CertMgr.msc console (in Vista and Windows 7) Right-click Certificates , point to All Tasks , click Automatically Enroll and Retrieve Certificates . The command does require that - any autoenrollment GPO settings have already been applied to the target user or computer - a certificate template enables Read, Enroll and Autoenroll permissions for the user or a global or universal group containing the user - The group membership is recognized in the users Token (they have logged on after the membership was added HTH, Brian

Hi Brian, Is it safe to assume that -pulse will trigger autoenrollment on XP as well (assuming that the machine has certutil.exe)? Also, I was wondering if you have an explanation for an MS design decision regarding autoenrollment 1) I log onto Windows locally (not on the network) 2) The machine checks for group policy changes, but can't contact AD. Autoenrollment is also considered "complete" at this point 3) I connect to the network 4) A certain amount of time later, the machine checks for group policy updates again and succeeds. Autoenrollment does NOT trigger because it already did when I first logged in (even though it wasn't actually able to check) Our sales reps were burned badly by this because they are 100% remote. We designed the cert template with a renewal period of 10 weeks, but it doesn't seem as if that even mattered. These folks are all on XP SP3.