Question:How To Configure Certificate Auto-Enrollment Using Group Policy

Answer: When using an enterprise certificate server the most popular feature is the Group Policy Auto- Enrolment of certificates to users and computers.

The Auto-Enrollment feature allows us to use Active Directory Group policy to push any certificate to users and computers in our domain.

To enable Auto-Enrolment via Group Policy follow the steps bellow:

Open Group Policy Management -> Right Click on the Default Domain Policy and click on edit

Go to User Configuration, Windows Settings, Security Settings, and then click Public Key Policies

Double-click Certificate Services Client – Auto-Enrollment

Set the configuration Model to Enabled

 Note: The above settings are for Users, If you need to enable Auto-Enrollment for computers, Do the same for computers under the Computer Configuration container.