Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise certification authority (CA).
You need to deploy certificates based on Version 1 templates to all of the computers in the
domain. The solution must minimize administrative effort.
You create a Group Policy object (GPO) named GPOl and link the GPO to the domain.
What should you do next?
A.
In GPOl, configure Certificate Services Client – Certificate Enrollment Policy.
B.
Duplicate the templates. In GPOl, configure Certificate Services Client – Auto-Enrollment.
C.
Duplicate the templates. In GPOl, configure Automatic Certificate Request Settings.
D.
In GPOl, configure Certificate Services Client – Auto-Enrollment.
Explanation:
Automatic certificate request settings
Certificate enrollment is the process of requesting, receiving, and installing a certificate. By
using automatic certificate settings in public key policies, you can have computers that are
associated with a Group Policy object (GPO) automatically enroll for certificates. This can
save you the step of explicitly enrolling for computer-related certificates for each computer.
After you establish an automatic certificate request, the actual certificate requests occur the
next time the computers associated with the GPO log on to the network.
Incorrect:
Not A: Certificate enrollment policy provides the locations of certification authorities (CAs)
and the types of certificates that can be requested. Organizations that are using Active
Directory Domain Services (AD DS) can use Group Policy to provide certificate enrollment
policy to domain members by using the Group Policy Management Console to configure the
certificate enrollment policy settings. The Certificates snap-in can be used to configure
certificate enrollment policy settings for individual client computers unless the Group Policy
setting is configured to disable user-configured enrollment policy.