One of the components used by the Windows Vista/2008 Collector is WinRM. In order to be able to use HTTPS as communication protocol for WinRM you need to create certificates for every machine. To automate this task you can create a GPO which will instruct the machines to enroll for a certificate automatically.
To create the Group policy please follow the steps below:
1. Go to Start->Programs-Administrative Tools->Group Policy Management
2. Create a new Group Policy Object
3. Right click the new GPO and select Edit
4. In Group Policy Management Editor go to Computer Configuration->Policies->Windows Settings->Security Settings->Public Key Policies
5. Create a new Automatic Certificate Request Settings
6. Click Next and on the Certificate Template page select the Computer template
Click Next again and then Finish.
Note: For a policy for your Domain Controllers select the template Domain Controller
7. In the Public Key Policies Folder you will also have to enable the Certificate Client Services - Auto-Enrollment (Right Click-> Properties) Set the Configuration Model to Enabled and enable the two check-boxes.
This completes the configuration of the GPO for Certificate Auto-Enrollment
8. Next you want to check that the permission for the Computer Template on your CA (Certificate Authority) are set correctly. On your CA got Start-->Run and start mmc.
9.. In the Management Console |Go to File ->Add/Remove Snapin, add the Snapin for CertificateTemplates and Click OK.
10. In the Management Console that opens for the Certificate Templates go to the Computer template, Right Click and select Properties. On the Security tab check that the permission "Enroll" for the Domain Computers is enabled.
You can now link the GPO to your Domain and assign it to the Computers on which you use WinRM for the Windows Vista Collector.
Imported Document ID: TECH95632
Subscribing will provide email updates when this Article is updated. Login is required.