Setting up PKI in Configuration Manager

Jerry Trimmer 21 Reputation points
2021-09-09T16:51:50.167+00:00

I am currently setting up PKI in my Endpoint Configuration Manager environment. Every article I read mentions checking Read, Enroll and AutoEnroll for Domain Computers under the security tab of the client certificate. None, however, say anything about Domain Controllers. We manage our Domain Controllers just like we do any other client. Should I add Domain Controllers to the template or do something else?

Windows Server

2 answers

  1. Charles Thivierge 4,066 Reputation points
    2021-09-09T17:28:56.957+00:00

    There are 2 templates for Domain Controllers:
    "Domain Controller"
    "Domain Controller Authentication" --> SmartCardLogon authentication

    You should use one of these templates for the DCs.

    hth


  2. Limitless Technology 39,696 Reputation points
    2021-09-10T08:37:07.827+00:00

    Hello,

    There are 2 templates that Microsoft has planned for this purpose:

    https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki

    Domain Controller
    Domain Controller Authentication

    You should be able to use one of the two to reach your goal.

    Best regards,
