Windows Server 2003 Certificate group policy enrollment vs. 2008 R2 Certificate Group Policy Enrollment

I have a project to move from the standard 40-bit encryption that comes with the Windows Remote Desktop Protocol to 128-bit. I have an internal CA and have published a Remote Desktop Computer template that I created following a Microsoft article. The issue is that when I set the group policy to use the certificate, my 2003 servers don't pick up the certificate automatically on a group policy refresh, or even after a reboot. The 2008 servers work just fine.

Note: I am going to the RDP-tcp connection settings and looking at properties. The 2008 server certificate location says "Group Policy based Certificate". No such thing occurs on 2003 server. I have to manually go and request the certificate through the certificate console in a 2003 server to get the certificate installed. And even after that, when I go and try to select the certificate in the RDP-tcp connection properties, it doesn't show up.

Any ideas on how to make this work through group policy for 2003 server? I am in a native mode 2008 R2 AD Forest. This is a 2048 bit key and domain computers have been given access to "read" and "enroll" on the template.

2003 RDP-tcp properties with no cert assigned



Between the time I posted this and doing some more research, I noticed that the group policy certificate setting in group policy that is pushed to 2008 is only supported in "Vista" and above. I don't see a group policy setting in 2003 for this. I wonder if this is still possible via some other method? If I have to do this manually on all of my 2003 servers, I wonder how to make the manually installed certificate show up to be able to choose it?






End of support for S2K3 is in 8 months. I'd not spend the time with this task and be more concerned with updating the servers.



Yes, I know. I just figured the template situation out. That was the problem. We will have our servers gone by July of next year. I just need a way to get this done in the interim.



No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows: Accept: ClintWeldon (http:#40438753)

If you feel this question should be closed differently, post an objection and a moderator will read all objections and then close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer



This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
