## 20160505 AK
----
 [[ActiveDirectory/CZ|česky]] | [[ActiveDirectory/DE|deutsch]] | '''english'''
----

= How to distribute the CAcert root certificate through Active Directory onto all computers =

[Active Directory is the database of a Microsoft domain (or a domain tree). It contains information about all domain computers, printers, users, user groups, computer groups, user/group rights etc. Moreover, the domain objects can be divided into Organization Units (OU). You can assign Group Policy Objects (GPO) to OU, the whole domain, and its controllers, with different settings, which is propagated through the network to target objects (e.g. computers). One of many settings may be root certificates of various CA.]

 * The following will be done via Group Policy Objects:
 * Open the Group Policy Objects of the Organisation-Unit of the client computers that should be configured 
 * Go to Computer Configuration --> Windows Settings --> Security Settings --> Public Key Policies --> Trusted Root Certification Authorities)
 * Right-click on 'Trusted Root Certification Authorities' --> import
 * Specify the certificate of the Root-CA.
 * Close the Group Policy Editor.
 * replicate the ActiveDirectory to all DCs urgently (--> ask your admin)
 * Update Group Policy Objects on clients (WinXP: 'gpupdate /force')

Taken from: [[http://www.heise.de/security/news/foren/go.shtml?read=1&msg_id=7599485&forum_id=75362]]

== An example ==
(A Domain Controller on a Windows server 2003)

{{attachment:AD-GPO-rootcert-1-en.png}}

----
 . CategoryStepByStep
 . CategoryTutorials