Implementing Microsoft DirectAccess Step by Step: Part 4
Once the network location server has been configured, the next task in the DirectAccess deployment is to ensure that all domain members have a valid client authentication certificate. The steps to complete this task may vary depending on the overall certificate requirements for your environment. However, for the purposes of this scenario, the following generic steps should be used:
1. On DC01, launch Server Manager.
2. Expand Roles\Active Directory Certificate Services and select Certificate Templates.
3. Select the Workstation Authentication certificate template.
4. Right-click the template and select Duplicate Template.
5. In the Duplicate Template dialog box, select the Windows Server 2003 Enterprise option and click OK.
6. Next, define the name of the template as Example - Domain Machine Authentication.
7. Next, select the Security tab, modify the Domain Computers permissions to include Autoenroll, and click OK.
8. Now expand the Enterprise CA, right-click Certificate Templates, and select New\Certificate Template to Issue.
9. In the Enable Certificate Templates dialog box choose the Example – Domain Machine Authentication certificate template and click OK.
Note
The steps in this section assume that the needed GPO changes to enable auto-enrolment have already been made.
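To confirm that a domain member actually received a certificate after the template was published, the following check can be run in an elevated PowerShell session on that member. It is an added example, not part of the original post; the function name `Test-ClientAuthEku` and the 30-second wait are assumptions made for illustration.

```powershell
# Added example: verify that this domain member holds a usable client authentication certificate.
# Refresh computer policy and trigger an autoenrollment pass instead of waiting for the next cycle.
gpupdate /target:computer /force | Out-Null
certutil -pulse | Out-Null
Start-Sleep -Seconds 30   # assumed wait; autoenrollment runs asynchronously

# Hypothetical helper: returns $true when the certificate carries the Client Authentication EKU.
function Test-ClientAuthEku($cert) {
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $clientAuthOid) { return $true }
            }
        }
    }
    return $false
}

$now = Get-Date

# Keep only computer-store certificates that have the EKU, a private key, and a current validity period.
$usable = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    (Test-ClientAuthEku $_) -and
    $_.HasPrivateKey -and
    ($_.NotBefore -le $now) -and ($_.NotAfter -gt $now)
})

if ($usable.Count -eq 0) {
    Write-Warning "No valid client authentication certificate found in LocalMachine\My on $env:COMPUTERNAME."
}
else {
    # Verify() builds the chain with default policy, so $false usually means the issuing CA
    # is not trusted by this machine or revocation information could not be checked.
    $usable | Select-Object Subject, Issuer, NotAfter, Thumbprint,
        @{ Name = 'ChainValid'; Expression = { $_.Verify() } } | Format-List
}
```

A warning here, or `ChainValid : False`, points to the template permissions, the auto-enrolment GPO, or CA trust on the client as the place to look.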