You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.You are planning a public key infrastructure (PKI) for the company.
You want to ensure that users who log on to the domain receive a certificate that can be used to authenticate to Web sites.You create a new certificate template named User Authentication. You configure a Group Policy object (GPO) that applies to all users. The GPO specifies that user certificates must be enrolled when the policy is applied.
You install an enterprise certification authority (CA) on a computer that runs Windows Server 2003. Users report that when they log on, they do not have certificates to authenticate to Web sites that require certificate authentication.
You want to ensure that users receive certificates that can be used to authenticate to Web sites.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A.
On the User Authentication certificate template, select the Reenroll All Certificate Holders command.
B.
Assign the Domain Users group the Allow – Autoenroll permission for the User Authentication certificate template.
C.
Configure the CA to enable the User Authentication certificate template.
D.
Assign the Domain Users group the Allow – Issue and Manage Certificates permission for the CA.