Checklist: Implementing a Certificate-based Isolation Policy Design

Letzte Aktualisierung: Januar 2010

Betrifft: Windows 7, Windows Essential Business Server, Windows SBS 2003, Windows SBS 2008, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Vista

This parent checklist includes cross-reference links to important concepts about using certificates as an authentication option in either a domain isolation or server isolation design.

Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist

The procedures in this section use the Group Policy MMC snap-in interfaces for configuring the GPOs, but you can also use the Netsh command-line tool to configure GPOs. For more information, see Use Netsh to Configure GPOs.

Prüfliste Checklist: Implementing certificate-based authentication


  Task Reference

Review important concepts and examples for certificate-based authentication to determine if this design meets your deployment goals and the needs of your organization.

Konzeptionsthema Identifying Your Windows Firewall with Advanced Security Deployment Goals

Konzeptionsthema Certificate-based Isolation Policy Design

Konzeptionsthema Certificate-based Isolation Policy Design Example

Konzeptionsthema Planning Certificate-based Authentication


Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.

Thema Vorgehensweise Install Active Directory Certificate Services


Configure the certificate template for workstation authentication certificates.

Thema Vorgehensweise Configure the Workstation Authentication Certificate Template


Configure Group Policy to automatically deploy certificates based on your template to workstation computers.

Thema Vorgehensweise Configure Group Policy to Autoenroll and Deploy Certificates


On a test computer, refresh Group Policy and confirm that the certificate is installed.

Thema Vorgehensweise Confirm That Certificates Are Deployed Correctly