Wednesday, July 26, 2017

Add Workstation Authentication Certificates to All Workstations

Lab Challenge      Add Workstation Authentication Certificates to All Workstations

Overview----To complete this challenge, you will demonstrate how to add workstation authentication certificates to all workstations by writing the steps to complete the tasks described in the scenario.
Mindset-----You decide to use RADIUS for your organization. To ensure a secure environment, you decide to use digital certificates. How would you automatically add workstation authentication certificates to all client computers within your Company?
Completion time  15 minutes

Write out the steps you performed to complete the challenge.

1. On the Certificate Authority server, open server manager, open certificate authority under Tools, right-click on Certificate Templates and select Manage.

2. Right-click on the Workstation Authentication template and select Duplicate Template.
On the General tab enter the new name_(Newname) for the certificate template.
3. On the Security tab, under Group or user names, click Domain Computers and under Allow select the Enroll and Autoenroll permission check boxes. Select OK and close the Properties of New Template and close the Certificate Templates console.

4. From the Certificate Authority console right-click Certificate Templates, select New and select Certificate Template to Issue. Click the certificate template that was just configured and click OK. Close the Certificate Authority console.

5. In server manager, open the Group Policy Management console, right-click the Default Domain Policy and select Edit. Go to Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies.

6. Double-click Certificate Services Client - Auto-Enrollment, select Enabled for the configuration model.

7. Select Renew expired certificates, update pending certificates, remove revoked certificates, and Update certificates that use certificate templates check boxes. Click OK to close the dialog box.