Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
chọn GPO cụ thể, click Browse, và sau đó sử dụng Browse Một hộp thoại Nhóm đối tượng chính sách để chọn GPO. 6. Theo gói để nâng cấp, chọn gói nâng cấp. Sau đó, bạn có thể chọn một tùy chọn nâng cấp: Triển khai và duy trì Phần mềm Thông qua Group Policy | 418 Part II Group Policy Implementation and Scenarios Figure 11-15 Specifying global autoenrollment options within public key policy 3. To disable autoenrollment select Do Not Enroll Certificates Automatically. To allow autoenrollment select Enroll Certificates Automatically. If you choose autoenrollment two additional options are available Renew Expired Certificates Update Pending Certificates And Remove Revoked Certificates Choose this option to ensure that beyond simple autoenrollment certificates installed to your users and computers are managed if they expire are pending or are revoked. Update Certificates That Use Certificate Templates Choose this option to use certificate templates to control what kinds of certificates are autoenrolled and to allow certificates to be updated. 4. Click OK. Managing Public Key Policy Public key certificates are most commonly used in certain scenarios. For example if you have an enterprise CA root installed you can automatically enroll your user accounts with a certificate for e-mail signing and encryption. This doesn t require the use of public key policies however because autoenrollment is enabled by default within an Active Directory environment with a CA installed. One area that requires configuration in policy is the implementation of EFS within an Active Directory environment. By default when a user encrypts a file using EFS that user and the domain administrator account if the computer is in an Active Directory are made the key recovery agents for that file. This means that either the user or the domain administrator can unencrypt that file. However you might want to create additional key recovery agents to ensure that the right people within your organization can recover encrypted files before you allow your users to use EFS. Chapter 11 Maintaining Secure Network Communications 419 To add a new key recovery agent for EFS complete the following steps 1. Select the Public Key Policies under Computer Configuration Windows
