question

JerryTrimmer-4708 avatar image
0 Votes"
JerryTrimmer-4708 asked LimitlessTechnology-2700 answered

Setting up PKI in Configuration Manager

I am currently setting up PKI in my Endpoint Configuration Manager environment. Every article I read mentions checking Read, Enroll and AutoEnroll for Domain Computers uder the security tab of the client certificate. None how ever say anything about Domain Controllers. We manage our Domain Controllers just like we do any other client. Should I add Domain Controllers to the template or do something else?

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

cthivierge avatar image
0 Votes"
cthivierge answered

There is 2 templates for Domain Controllers
"Domain Controller"
"Domain Controller Authentication" --> SmartCardLogon authentication

You should use one of this template for the DC's

hth

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello,

there are 2 templates that Microsoft has planned for this purpose:

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki

Domain Controller
Domain Controller Authentication

You should be able to use one of both to reach your goal.

Best regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.