How To Configure Group Policy For Automatic Computer Certificate Enrollment
Certificate enrollment can be automated using Active Directory. You can create a GPO and link it to a site, domain, or organizational unit to automate certificate enrollment for computers and users on your network. You can configure Automatic Certificate Enrollment using the following steps. Keep in mind that the steps may vary slightly depending on whether you are using a GPO at the site, domain, or OU level.
- Click Start, point to Administrative Tools, and click Active Directory Users and Computers.
- Right click the appropriate organizational unit and click Properties. Select the Group Policy tab.
- Select an existing group policy object and click Edit, or click New to create a new group policy object.
- Under the Computer Configuration container, expand Windows Settings, then Security Settings, and click Public Key Policies.
- Right-click Automatic Certificate Request Settings, point to New, and click Automatic Certificate Request. This launches the Automatic Certificate Request Setup Wizard. Click Next.
- Select the Certificate template. Click Next. For a certificate to be issued, the Enroll permission for the appropriate certificate template is required.
- Click Finish.
Once the automatic certificate request has been created, the certificates are issued the next time a computer within the scope of the policy is restarted or a user logs on to the domain.
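To confirm that the policy actually produced a certificate, the following check can be run in an elevated PowerShell session on a computer within the scope of the GPO. It is an added example, not part of the original article. It assumes the Computer template was selected in the wizard (internal template name `Machine`); `$ExpectedTemplate` and `$WarnDays` are illustrative variables to adjust.

```powershell
# Added verification example. Assumptions: the Computer template (internal
# name "Machine") was chosen in the wizard; adjust $ExpectedTemplate otherwise.
$ExpectedTemplate = 'Machine'
$WarnDays         = 30    # warn when a matching certificate expires this soon

# OID of the "Certificate Template Name" extension found on certificates
# issued from version 1 templates such as Computer.
$TemplateNameOid = '1.3.6.1.4.1.311.20.2'

function Get-CertTemplateName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $TemplateNameOid }
    if ($ext) { $ext.Format($false).Trim() } else { $null }
}

# Refresh computer policy and pulse the enrollment engine. If no certificate
# appears afterwards, restart the computer as the article describes and rerun.
gpupdate /target:computer /force | Out-Null
certutil -pulse | Out-Null
Start-Sleep -Seconds 15   # enrollment completes asynchronously

$now   = Get-Date
$certs = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Subject
        Issuer     = $_.Issuer
        Template   = Get-CertTemplateName $_
        NotAfter   = $_.NotAfter
        HasKey     = $_.HasPrivateKey
        Thumbprint = $_.Thumbprint
    }
}

# A usable result is unexpired, has a private key, and names the expected template.
$matching = @($certs | Where-Object {
    $_.Template -eq $ExpectedTemplate -and $_.HasKey -and $_.NotAfter -gt $now
})

if ($matching.Count -eq 0) {
    Write-Warning "No valid '$ExpectedTemplate' certificate in LocalMachine\My. Check GPO scope and the Enroll permission on the template."
    $certs | Format-Table Subject, Template, NotAfter -AutoSize
} else {
    foreach ($c in $matching) {
        if (($c.NotAfter - $now).TotalDays -lt $WarnDays) {
            Write-Warning "Certificate $($c.Thumbprint) expires on $($c.NotAfter)."
        }
    }
    $matching | Format-Table Subject, Issuer, NotAfter, Thumbprint -AutoSize
}
```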
