Support Adobe Digital ID Signing with Automated Microsoft CA User Certificate Generation

Just a quick how to, wanting to document a task I have recently had need of. This process has a perquisite of you having a Microsoft Certificate Authority already available in your environment. Start > Run >mmc Add Remove Snap-ins and choose the following – Certificate Authority (when prompted add the name of your CA) – Certificate Templates – Group Policy Management In Certificate Templatesright click on “User” and choose “Duplicate Template” Set compatibility settings as needed. If you have a 2008 R2 pure Active Directory environment make it match. In terms of Certificate Recipient make it match the oldest OS you have in use. Under General Change the Name to something meaningful as you’ll be referencing it later. Under the Security Tab set Domain Users to have both Enroll and Autoenroll permissions In Certificate Authorityright click on the “Certificate Templates”subfolder and choose New> “Certificate Template to Issue” Choose your newly created Certificate Template In Group Policy Management we are going to do a couple of things; setup your domain for certificate auto enrollmentand also define registry settings for Adobe Acrobat and Acrobat Reader. In any GPO that will hit the users you wish to have certificates (Default Domain Policy for example) choose to edit. Navigate to User Configuration> Windows Settings> Security Settings> Public Key Policies Double click on Certificate Services Client- Auto-Enrollment and set – Configuration Model: Enabled – Check Renew expired certificates… – Check Update certificates that use certificate templates – Hit OK By default Adobe Acrobat and …