PrepAway - Latest Free Exam Questions & Answers

Which two actions should you perform?

You have Active Directory Certificate Services (AD CS) deployed.

You create a custom certificate template.
You need to ensure that all of the users in the domain automatically enroll for a certificate
based on the custom certificate template.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

PrepAway - Latest Free Exam Questions & Answers

A.
In a Group Policy object (GPO), configure the autoenrollment settings.

B.
In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.

C.
On the certificate template, assign the Read and Autoenroll permission to the
Authenticated Users group.

D.
On the certificate template, assign the Read, Enroll, and Autoenroll permission to the
Domain Users group.

Explanation:
http://technet.microsoft.com/en-us/library/dd379539.aspx
To automatically enroll client computers for certificates in a domain environment, you must:
Configure an autoenrollment policy for the domain.
(…)
In Configuration Model, select Enabled to enable autoenrollment.
Configure certificate templates for autoenrollment.
(…)
In the Permissions for Authenticated Users list, select Read, Enroll, and Autoenroll in the
Allow column, and then click OK and Close to finish
Configure an enterprise CA.


Leave a Reply