To configure automatic certificate allocation from an enterprise CA

1. Open Active Directory Users and Computers
2. In the console tree, double-click Active Directory Users and Computers, right-click the domain name in which your CA lives, and then click Properties.
3. On the Group Policy tab, click Default Domain Policy, and then click Edit.
4. In the console tree, click Automatic Certificate Request Settings.

   Where?

   • Computer Configuration
   • Windows Settings
   • Security Settings
   • Public Key Policies
   • Automatic Certificate Request Settings
5. Right-click Automatic Certificate Request Settings, point to New, and then click Automatic Certificate Request.
6. The Automatic Certificate Request wizard appears. Click Next.
7. In Certificate templates, click Computer, and then click Next.

   Your enterprise root CA appears on the list.

8. Click the CA, click Next, and then click Finish.
9. To create a computer certificate for the CA computer, type the following at a Windows 2000 command prompt:

   secedit /refreshpolicy machine_policy

 Note

• To open Active Directory Users and Computers, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

Working with MMC console files

EAP

Using smart cards for remote access

Deploying certificate-based authentication for demand-dial routing

Business partner demand-dial connection

Branch office demand-dial connection