In Group Policy Object (GPO) reporting, Certificate Enrollment Policy (CEP) is incorrectly displayed under Extra Registry Settings.
To enable client-side Certificate Enrollment Policy / Certificate Enrollment Service (CEP/CES), you must set CEP policies in a GPO. The settings are located in the following paths:
- Computer Configuration > Windows Settings > Security Settings > Public Key Policies
- User Configuration > Windows Settings > Security Settings > Public Key Policies
In both locations, the Policy Name value is displayed as Certificate Services Client - Certificate Enrollment Policy.
When you use the gpresult or gpmc command to view GPO reporting, you notice that the settings are displayed under Extra Registry Settings instead of in the Certificate Services Client - Certificate Enrollment Policy area.
See the following screen shots for details.
- The CEP/CES policy as it is configured in a GPO.
- The GPReporting screen when the issue occurs. This screen displays output from the gpresult command. The settings are displayed in different places than the one in which they are initially configured in a GPO.
- Group Policy Management Console (GPMC) when you use the gpmc command to display the settings.