1
00:00:07,560 --> 00:00:12,630
In some situations, it might be inefficient to use manual enrolment.

2
00:00:13,290 --> 00:00:22,560
Then you can configure certificate templates so that the request to can enroll for and ruin use certificates

3
00:00:22,920 --> 00:00:26,490
automatically without end user interaction.

4
00:00:27,180 --> 00:00:32,460
One example where manual enrolment would be inefficient would be one.

5
00:00:32,460 --> 00:00:38,130
You need to issue a certificate to every user and computer in your organization.

6
00:00:39,020 --> 00:00:43,820
A common and more efficient method would be to use Auto-enrolment.

7
00:00:44,900 --> 00:00:52,250
This method provides an automated way to deploy certificates to users on computers.

8
00:00:53,320 --> 00:00:56,020
Within your aid, it is an organization.

9
00:00:56,770 --> 00:01:06,080
It is important to note, however, that you cannot use Auto-enrolment with a stand alone, said you

10
00:01:06,100 --> 00:01:10,810
must have an enterprise available to use auto enrolment.

11
00:01:11,760 --> 00:01:18,390
The auto and royal commission is not available on version one certificate templates.

12
00:01:18,960 --> 00:01:26,550
Because of this, you must duplicate the certificate template and then configure the permissions to

13
00:01:26,550 --> 00:01:35,910
allow a root and and and roll permissions for users or computers who will receive the certificate.

14
00:01:37,040 --> 00:01:45,530
Domain based group policy can then activate and manage auto enrolment through computer based and user

15
00:01:45,530 --> 00:01:46,700
based policies.

16
00:01:48,190 --> 00:01:56,450
Please know that by default, computer based group policies apply to startup and user based group policy

17
00:01:56,460 --> 00:01:58,890
is processed at user sign in.

18
00:01:59,910 --> 00:02:08,580
Group policy also refreshes approximately every nine to minutes on demand members of the certificate

19
00:02:08,580 --> 00:02:12,690
service client Auto-enrolment Group policies said in.

20
00:02:13,790 --> 00:02:22,550
Enables auto enrolment for computers and user, you must enable this setting for both the computer and

21
00:02:22,790 --> 00:02:23,780
user object.

22
00:02:24,670 --> 00:02:32,440
If you want to enable auto enrolment through computer based policy, the auto enrolment process is not

23
00:02:32,440 --> 00:02:36,610
invoked for users who sign in to the computer.

24
00:02:38,170 --> 00:02:47,650
No, an entire world timer triggers auto enrolment every eight hour after the last of the enrolment

25
00:02:48,250 --> 00:02:49,210
activation.

26
00:02:50,590 --> 00:02:58,900
However, a certificate is not issued each time a timer is triggered if the user or computer has already

27
00:02:58,900 --> 00:03:05,200
enrolled for certificates or signed by using an auto enrolment, nothing happens.

28
00:03:05,890 --> 00:03:13,930
There is a certificate template requires user interaction to process the enrolment request.

29
00:03:14,800 --> 00:03:21,310
Pop up window displays approximately 60 seconds after the user recycles them.

30
00:03:22,320 --> 00:03:29,730
So to configure and enable auto enrolment for certificates in a domain environment, you must first

31
00:03:30,450 --> 00:03:36,000
have membership in either the domain admins or enterprise admins groups.

32
00:03:36,360 --> 00:03:43,500
Second, you have to configure a certificate template or to enroll permission.

33
00:03:44,400 --> 00:03:52,480
And thirdly, you have to configure an auto enrollment policy and apply it to the domain user or send

34
00:03:52,500 --> 00:03:56,160
computers that require auto enrolment.

35
00:03:57,680 --> 00:04:06,590
Now, what is credential Roman credential enrollment is a feature that enables users to access their

36
00:04:06,590 --> 00:04:12,470
credentials to remotely credential Ruhlman makes a user's credentials.

37
00:04:13,730 --> 00:04:23,890
Certificates on private keys available for applications and services when the user signs in to any domain

38
00:04:23,900 --> 00:04:25,250
giant computer running.

39
00:04:27,310 --> 00:04:38,560
In addition, the integrity of these credentials is maintained under any conditions, such as when certificates

40
00:04:38,560 --> 00:04:45,160
are updated or when the user is in to more than one computer at a time.

41
00:04:46,350 --> 00:04:55,440
This avoids a user, a user of automatic enrolment for a certificate on each new machine to which he

42
00:04:55,440 --> 00:04:56,610
or she assigns them.

43
00:04:57,630 --> 00:05:03,420
Credential Roman triggers when a private key or certificate.

44
00:05:05,630 --> 00:05:14,840
In the of a slogan Local Certificate Store changes, the user looks or unlocks the computer or group

45
00:05:14,840 --> 00:05:16,160
pulls a refresh of.

46
00:05:17,350 --> 00:05:19,150
All certificate related.

47
00:05:20,470 --> 00:05:28,960
Communication between components of the local computer and between the local computer and ended years

48
00:05:29,680 --> 00:05:32,200
is signed and encrypted.

49
00:05:33,380 --> 00:05:33,770
And.

50
00:05:35,330 --> 00:05:40,370
Windows seven, a newer operating system support credential enrollment.

51
00:05:41,210 --> 00:05:46,330
Next up, we'll be talking about Waterson enrollment agent.

52
00:05:46,790 --> 00:05:47,690
I will sue the.