Answer: When using an enterprise certificate server the most popular feature is the Group Policy Auto- Enrolment of certificates to users and computers.
The Auto-Enrollment feature allows us to use Active Directory Group policy to push any certificate to users and computers in our domain.
To enable Auto-Enrolment via Group Policy follow the steps bellow:
Open Group Policy Management -> Right Click on the Default Domain Policy and click on edit
Go to User Configuration, Windows Settings, Security Settings, and then click Public Key Policies
Double-click Certificate Services Client – Auto-Enrollment
Set the configuration Model to Enabled
Note: The above settings are for Users, If you need to enable Auto-Enrollment for computers, Do the same for computers under the Computer Configuration container.
