What should you do to configure Active Directory to support autoenrollment of certificates?

You are a network administrator for your company. The network consists of a single Windows 2000 Active Directory forest that has four domains. All client computers run Windows XP Professional. The company’s written security policy states that all e-mail messages must be electronically signed when sent to other employees.
You decide to deploy Certificate Services and automatically enroll users for e-mail authentication certificates. You install Windows Server 2003 on two member servers and install Certificate Services. You configure one Windows Server 2003 computer as a root certification authority (CA). You configure the other Windows Server 2003 server as an enterprise subordinate CA. You open Certificate Templates on the enterprise subordinate CA, but you are unable to configure certificates templates for autoenrollment.
The Certificate Templates administration tool is shown in the exhibit. (Click the Exhibit button.)
You need to configure Active Directory to support autoenrollment of certificates.
What should you do?

You are a network administrator for your company. The network consists of a single Windows 2000 Active Directory forest that has four domains. All client computers run Windows XP Professional. The company’s written security policy states that all e-mail messages must be electronically signed when sent to other employees.

You decide to deploy Certificate Services and automatically enroll users for e-mail authentication certificates. You install Windows Server 2003 on two member servers and install Certificate Services. You configure one Windows Server 2003 computer as a root certification authority (CA). You configure the other Windows Server 2003 server as an enterprise subordinate CA. You open Certificate Templates on the enterprise subordinate CA, but you are unable to configure certificates templates for autoenrollment.

The Certificate Templates administration tool is shown in the exhibit. (Click the Exhibit button.)

You need to configure Active Directory to support autoenrollment of  certificates.

What should you do?

A.
Run the adprep /forestprep command on the schema operations master.

B.
Place the enterprise subordinate CA’s computer account in the Cert Publishers Domain Local group.

C.
Run the adprep /domainprep command on a Windows 2000 Server domain controller that is in the same domain as the enterprise subordinate CA.

D.
Install Active Directory on the Windows Server 2003 member server that is functioning as the enterprise subordinate CA. Configure this server as an additional domain controller in the Windows 2000 Active Directory domain.



Leave a Reply 0

Your email address will not be published. Required fields are marked *