Z
Zeppelin707
Guest
Hello,
I would appreciate some help. My company has it's own CA sever from which we give out a root cert and machine (computer) certificates to our local users via our group policy. There certificates are primarily for authenticating users to get past our firewall for remote VPN connections. However, every now and then there is a problem with the GPupdate and some users don't get their certs (or cert become corrupt). In either scenario, the machine cert needs to be installed/reinstalled. Problem is some of our users cant come to the office so we may reinstall the certificate. For example: If a user was close to the office and there was an issue with the machine cert they could simply come in and a tech could request a new machine certificate via the MMC console locally on the machine via a template we have setup for workstation authentication (machine certificate authentication). Now in the event users have a bad cert/no cert they will not be able to connect to our network to contact our CA sever and get a new cert. My questions: Is there a way I can ask the cert server for a machine cert for a specific computer that isn't mine? For example: Let say my machine name is MA-Bob1-DKESTOP and the user is MA-Mary-Desktop, is there a way via the MMC console i can ask for the workstation (machine, computer) certificate for the MA-Mary-Desktop machine? My theory is there in after i get the cert for this specific machine I will be able to import it to the users personal certificate folder via a remote session. Thoughts?
Continue reading...
I would appreciate some help. My company has it's own CA sever from which we give out a root cert and machine (computer) certificates to our local users via our group policy. There certificates are primarily for authenticating users to get past our firewall for remote VPN connections. However, every now and then there is a problem with the GPupdate and some users don't get their certs (or cert become corrupt). In either scenario, the machine cert needs to be installed/reinstalled. Problem is some of our users cant come to the office so we may reinstall the certificate. For example: If a user was close to the office and there was an issue with the machine cert they could simply come in and a tech could request a new machine certificate via the MMC console locally on the machine via a template we have setup for workstation authentication (machine certificate authentication). Now in the event users have a bad cert/no cert they will not be able to connect to our network to contact our CA sever and get a new cert. My questions: Is there a way I can ask the cert server for a machine cert for a specific computer that isn't mine? For example: Let say my machine name is MA-Bob1-DKESTOP and the user is MA-Mary-Desktop, is there a way via the MMC console i can ask for the workstation (machine, computer) certificate for the MA-Mary-Desktop machine? My theory is there in after i get the cert for this specific machine I will be able to import it to the users personal certificate folder via a remote session. Thoughts?
Continue reading...