Automatic registration

To automatically register and activate the GPO, follow these steps:

1. Under User Configuration, open Policies, then click Windows Settings and Security Settings.

   

2. Under the Public Key Policies, find Certificate Service Client - Auto-Enrollment. Open the properties of this object type and select the following options:

   

3. In order for the user certificate to roam to all computers on the network ("Certificate Credential Roaming"), enable Credential Roaming.

4. Open the corresponding object type and select the Enabled option on the General tab.

   

5. Confirm your settings with OK and close the Group Policy Editor.

6. Then link the GPO to the domain, OU or location. For example, you can link the GPO to the Employees OU, drag the object over that OU, and then release the mouse button.