Windows 2008 R2 Enterprise running Certificate Services and pushing the Cert with a GPO automatically.
I have a Windows 2008 R2 Enterprise Certificate Server and am using a GPO to automatically push certs to users in an OU.
The GPO settings enabled are Computer Configuration/Policies/Windows Settings/Security Settings/Public Key Policies then enabling Certificate Services Client - Auto Enrollment, Certificate Path Validation Settings, Certificate Services Client - Certificate
Enrollment Policy.
If I disable and remove the GPO that is pushing the certs from my certificate server, will the certs be removed from the users? Or will they just expire after the 3 years I have them set too?
In otherwords, removing the GPO should have no effect on the already pushed certificates??
May 3rd, 2012 2:54pm
True, removing the GPO will just remove the autoenrollment settings, the certificates are not affected and will continue to be valid until they expire
/Hasain
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 2:51am
Hi,
If I disable and remove the GPO that is pushing the certs from my certificate server, will the certs be removed from the users
>> Configure Public Key Group Policy is used to
Use automatic enrollment for computer certificates.
Add trusted root certificates for groups of computers.
Create CTLs for computers and users.
Designate EFS recovery agent accounts.
For details: Configure Public Key Group Policy (http://technet.microsoft.com/en-us/library/cc962057.aspx)
Hope this helps!
Best Regards
Elytis Cheng
TechNet Subscriber Support
If you are
TechNet Subscription user and have any
feedback on our support quality, please send your feedback here.Elytis Cheng
TechNet Community Support
May 4th, 2012 3:47am