Personal Certificates for Terminal Farm

Андрей Михалевский 2,561 Reputation points
2021-05-12T13:02:08.743+00:00

Hi.

Accountants and other employees have many certificates for bank clients and other services.

We are using a terminal farm.

How can I distribute certificates to all users and servers? Without any action on the part of users.

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,679 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vicky Wang 2,636 Reputation points
    2021-05-14T09:36:04.347+00:00

    Hi,
    Thank you for your reply
    I want to confirm with you, do you mean to install the certificate in the persional store instead of Trusted Root Certification Authorities.
    If yes, you can consider the following method
    1 Is it a certificate distributed by a CA in the domain, if it can be used auto-enrollment policy:
    https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-server-certificate-autoenrollment
    2. If you have other certificates, you can consider script distribution, refer to the following link:
    https://social.technet.microsoft.com/Forums/ie/en-US/25ec4817-d631-444d-b7b7-9934f87e8093/deploying-computer-certificate-to-the-personal-computer-store-using-group-policy?forum=winserverGP

    Hope this information can help you
    Best wishes
    Vicky

    0 comments No comments

5 additional answers

Sort by: Most helpful
  1. Vicky Wang 2,636 Reputation points
    2021-05-13T07:07:18.31+00:00

    Hi,
    Thank you for posting in our forum

    To distribute certificates to client computers by using Group Policy
    On a domain controller in the forest of the account partner organization, start the Group Policy Management snap-in.

    Find an existing Group Policy Object (GPO) or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit (OU) where the appropriate user and computer accounts reside.

    Right-click the GPO, and then click Edit.

    In the console tree, open Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies, right-click Trusted Root Certification Authorities, and then click Import.

    On the Welcome to the Certificate Import Wizard page, click Next.

    On the File to Import page, type the path to the appropriate certificate files (for example, \fs1\c$\fs1.cer), and then click Next.

    On the Certificate Store page, click Place all certificates in the following store, and then click Next.

    On the Completing the Certificate Import Wizard page, verify that the information you provided is accurate, and then click Finish.

    Repeat steps 2 through 6 to add additional certificates for each of the federation servers in the farm.

    Hope this information can help you
    Best wishes
    Vicky

    0 comments No comments

  2. Андрей Михалевский 2,561 Reputation points
    2021-05-13T10:57:57.637+00:00

    It doesn't work for personal certificates

    0 comments No comments

  3. Vicky Wang 2,636 Reputation points
    2021-05-17T08:50:15.257+00:00

    Hi,
    How are things going? Could you please send me an update so that we can continue to work on this problem and resolve it? Thanks for your help.
    Best wishes
    Vicky

    0 comments No comments

  4. Андрей Михалевский 2,561 Reputation points
    2021-05-17T10:39:07.813+00:00

    I realized that I needed to write a script. But I need time, I have little experience in this.

    0 comments No comments