Prerequisites
Confirm the following before you create or duplicate a computer certificate template on your issuing CA.Rights to duplicate and publish templates
Rights to duplicate and publish templates
Required Settings for the Certificate Template
Below are the tabs and settings that should be configured in the certificate template:- Template type: The template used should be based on the default Computer template.
- Certificate Authority compatibility: Windows Server 2016
- Certificate recipients: Windows 10/Windows Server 2016
- Subject name: Supply in the request
- Security: Grant Read and Enroll only to the identity that enrolls for the Connector (the Connector host computer account when the Connector runs as Local System, or a dedicated service account when the Connector uses Service Account at install). Remove broad inherited entries such as Domain Computers so other domain-joined computers cannot enroll.
Create an AD CS Computer Certificate Template
Open the Certificate Authority snap-in
Select Issuing CA
Open Certificate Templates management

Duplicate the Computer template
Set template names
IruEndpointDevice. The template name will be needed when creating Library Items that contain AD CS certificate settings.Set Certificate Authority compatibility
Set Certificate Recipients compatibility
Set Subject Name to supply in request
Add the Connector computer account (Local System enrollment)
Open Object Types
Search for Connector host computer
lab000001 is the computer name being used.
Grant Read and Enroll to the computer account
Remove broad default permissions
Open template issuance menu
Next Steps
After the template appears in the issuance list:Configure AD CS in Iru Endpoint
