We have tried using the GPO method as you describe and it does work, sort of. But it imports the cert with locked down permissions. We use Cisco VPN and there isn't a way to specify that application to be an authorized app on the cert using GPO. If we manually change the ACL on the cert it refreshes and loses the setting next GPupdate.