Pop Quiz: Windows Server Active Directory CS Autoenrollment
Applies to the "Configuring Active Directory Certificate Services" objective of Exam 70-640.
Q: A company's network security team needs to ensure that domain computer accounts can use autoenrollment certificates.
Which of the following certificate types does not support autoenrollment?
- Version 1
- Version 2
- Version 3
- Version 4
Answer is A. The autoenroll permission is not available in version 1 certificate templates. A version 2 or version 3 template, or duplicate a certificate template to create a version 2, version 3, or version 4 certificate template is required in order to use the autoenroll permission.
Quick Tip: To assign certificate templates to an enterprise CA, open the Certification Authority snap-in, click Certificate Templates, on the Action menu, point to New, and then click Certificate Template to Issue, finally, select the certificate template that is enabled for autoenrollment.
Reference: Administering Certificate Templates
Bonus Question: What network ports does WSUS in Windows Server 2012 use for communication between WSUS servers? (The answer, of course, will be revealed next time!)
Answer to bonus question from last week:
Prior to the setup of a subordinate CA server, a root CA server must be in place.
About the Author
Andy Barkl, MCT/MCITP/MCSA, A+, Network+, Security+, CCNA has been studying technology for 30 years. Of the last 15 years, he has spent much of his time parting the knowledge and experience he has gained through IT exams, over 300, to help others be prepared and successful. He teaches classes in Phoenix, Ariz. where he has lived most of his life. He can be reached by e-mail at [email protected]