You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All servers on the corporate network run Windows Server 2008 and all client computers run Windows Vista. The company has an enterprise certification authority (CA).
You have been asked to install certificates automatically on each client computer and deploy the certificates to all users by using a new certificate template by using minimum amount of effort. You need to ensure that users have access to the new certificates when they log on to any client computer in the domain.
Which of the following options would you choose to accomplish the given task? (Select two. Each correct answer will form a part of the solution)
A.
Configure autoenrollment of certificates.
B.
Deploy an enterprise subordinate CA
C.
Configure roaming user profiles.
D.
Configure folder redirection.
E.
Configure Credential Roaming.
Explanation:
To ensure that users have access to the new certificates when they log on to any client computer in the domain while meeting other requirements, you need to Configure autoenrollment of certificates and Credential Roaming
The autoenrollment process grants certificates based on certificate templates that are supplied with Read, Enroll, and Autoenroll permissions for the users, groups, or computers who require autoenrollment.
With the credential roaming functionality, managed environments can now store X.509 certificates, certificate requests, and private keys specific to a user in Active Directory, independently from the profile.
The credential roaming implementation in Windows Vista and Windows Server “Longhorn” is additionally able to roam stored user names and passwords. This would ensure that users have access to the new certificates when they log on to any client computer in the domain
With credential roaming, once a domain user chooses in a Windows authentication dialog box to cache or ‘remember’ the current credentials, the user will have the same experience on any domain-joined computer that the user logs on to.
http://windowsitpro.com/article/articleid/48665/how-can-i-enable-digital-certificate-autoenrollment-in-windows-server-2003.html