Confirm That Certificates Are Deployed Correctly

Applies To: Windows 7, Windows Essential Business Server, Windows SBS 2003, Windows SBS 2008, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Vista

After configuring your certificates and autoenrollment in Group Policy, you can confirm that the policy is being applied as expected, and that the certificates are being properly installed on the workstation computers.

In these procedures, you refresh Group Policy on a client computer, and then confirm that the certificate is deployed correctly.

Administrative credentials

To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.

In this topic:

  • Refresh Group Policy on a computer

  • Verify that a certificate is installed

To refresh Group Policy on a computer

  • On a computer running Windows 7, Windows Vista, Windows Server 2008, or Windows Server 2008 R2, start a command prompt as an administrator, and then type the following command:

    gpupdate /target:computer /force
    
  • On a computer running Windows XP or Windows Server 2003, start a command prompt, and then type the following command:

    gpupdate /target:computer /force
    
  • On a computer running Windows 2000, start a command prompt, and then type the following command:

    secedit /refreshpolicy machine_policy
    

After Group Policy is refreshed, you can see which GPOs are currently applied to the computer.

To verify that a certificate is installed

  1. Click Start, in the Start Search box, type certmgr.msc, and then press ENTER.

  2. In the navigation pane, expand Trusted Root Certification Authorities, and then click Certificates.

    The CA that you created appears in the list.