| Anchor | ||||
|---|---|---|---|---|
|
| Easy heading | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Follow the Export Wizard with its defaults and save the file somewhere in your network. We will import it to our GPO created in the next steps, so keep in mind it should be accessible to your Domain Controller.
Creating the GPO
Create a folder named gytpol under your domains NETLOGON folder.
...
Go to Computer Configuration → Preferences → Control Panel Settings → Scheduled Tasks → New → Immediate Task (At least Windows 7)
...
Task Properties:
General tab: Name the task “GYTPOL Client deploy”, run it under NT AUTHORITY\SYSTEM, check Run with highest privileges and select the Hidden check boxes.
...
Click OK to close the task scheduler properties
Adding the Certificate to our GPO
Browse to Computer Configuration → Policies → Windows Settings → Security Settings → Public Key Policies → Trusted Publishers
R. click on Trusted Publishers → Import
Browse to the location where the exported certificate is stored and import it to the Certificate Import Wizard
Follow the Wizard with its defaults and the certificate will be shown in the Trusted Publishers folder in GPMC:
...