Mobile users and certificates

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Mobile users and certificates

If you are a mobile user, you need to enable the use of certificates on your computer. Unless your system administrator preconfigures your computer with machine and user certificates before you receive it, you must connect to your corporate network by using conventional, password-based authentication methods to get your machine and user certificates. At the time you connect, you join your computer to the corporate domain, obtain certificates, and set certificates policy. The next time you connect to the corporate network, you can use certificate-based authentication methods such as EAP.

To enable the use of certificates on a computer, do the following:

  • Connect to the corporate network by using a dial-up or PPTP network connection, and authentication protocols such as MS-CHAP, or MS-CHAP┬áv2. When you connect, your computer name joins the corporate domain and receives machine certificates.

  • Request a user certificate. For more information about requesting certificates, see Request a certificate, Submit a user certificate request via the Web, and Requesting certificates.

  • Create another connection that uses certificate-based authentication, and then connect again by using certificate-based authentication methods such as EAP or IPSec. For more information about enabling a connection to use a smart card or other certificate, see Enable smart card or other certificate authentication.

You can avoid these steps by having your system administrator load machine and user certificates before you take your laptop out onto the road.


  • For machine certificates to be received automatically, you must implement public key policies (by using Group Policy) that autoenroll computers to receive certificates. If the machine certificate process is not automated, you must log on to your computer with administrative credentials, install Certificate Services, and request a computer certificate. For more information, see Manage certificates for a computer and Manage certificates for your user account.