Tình huống: Sử dụng BPA trên CA thông báo User autoenrollment is not enable mặc dù đã cấu hình autoenrollment cho cả User và Computer với Group Policy
Giải pháp:
I've had the same problem, and it bugged me for weeks, but I think I found the solution. Simply go back to the GPO with your policy (I used the default domain policy GPO but you may have done differently), and in User Configuration => Windows Settings => Security Settings => Public Key Policies section select the "Certificate Services Client -Auto Enrollment" policy and untick "Expiration Notification".
Then at the command prompt or in powershell refresh the policy "gpupdate /force" and when you run the Best Practices Analyzer for the role it should show that "user autoenrollment group policy is not enabled" is now compliant
Nguồn: http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/1b28e814-90ec-4e03-94bf-55f49f902611/
Không có nhận xét nào:
Đăng nhận xét