Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory
Certificate Services server role installed and is configured as an enterprise certification authority
(CA).
You need to ensure that all of the users in the domain are issued a certificate that can be used for
the following purposes:
Email security
Client authentication
Encrypting File System (EFS)
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)
A.
From a Group Policy, configure the Certificate Services Client – Auto-Enrollment settings.
B.
From a Group Policy, configure the Certificate Services Client – Certificate Enrollment Policy
settings.
C.
Modify the properties of the User certificate template, and then publish the template.
D.
Duplicate the User certificate template, and then publish the template.
E.
From a Group Policy, configure the Automatic Certificate Request Settings settings.
Explanation:
The default user template supports all of the requirements EXCEPT auto enroll as shown below:However a duplicated template from users has the ability to autoenroll:
The Automatic Certificate Request Settings GPO setting is only available to Computer, not user.
Manage Certificate Enrollment Policy by Using Group Policy.
http://technet.microsoft.com/en-us/library/dd851772.aspx
A & D. Explanation provided is spot on
Just for reference, you will need to check the Enroll checkbox before publishing the certificate. It is unchecked by default.
A and D done on the lap
If you need to ceck the Enroll checkbox, does that not imply you need to Modify the (duplicated) User Template?