Note
If you used the manual configuration flow to configure the Autoenrollment Server, skip the steps on this page.
The following is sample output of the ConfigureAES.bat script, which updates the policy settings.
Go to the AEServer installation directory and run the following command:
cd .\ConfigureAES
.\ConfigureAES.bat "<AEServerInstallationPath>"
For example: .\ConfigureAES.bat "C:\Program Files\DigiCert\AEServer"
For detailed information, refer to the installation and deployment guide.
C:\Program Files\DigiCert\AEServer\ConfigureAES>.\ConfigureAES.bat "C:\Program Files\DigiCert\AEServer"
This script automates the configuration of DCOM access rights, firewall settings,
and Group Policies required for the DigiCert Autoenrollment Server (AES) to
function properly within your domain environment. It ensures the necessary permissions
are applied to relevant groups and updates the Default Domain Controllers Policy GPO
to enable smooth certificate autoenrollment for users, computers, and domain controllers.
Do you want to proceed? [Y/N]: y
=========================================================================
Step 1: Configure DCOM access rights and set autoenrollment permissions
=========================================================================
This step will configure the required Distributed Component Object Model (DCOM)
access rights and sets permissions for the Autoenrollment Server (AES).
Prerequisites
- You must have permission to modify DCOM configuration settings
(Domain Administrators or Enterprise Administrators have this permission by default).
Groups granted access and launch permissions (local and remote)
- Domain Users
- Domain Computers
- Domain Controllers
Do you want to proceed? [Y/N]: y
Enabling Distributed COM on this Computer... [In progress]
Enabling Distributed COM on this Computer... [Completed]
Restarting the DCOM Server Process Launcher service...
Press any key to continue...
DCOM Server Process Launcher service restarted successfully.
Setting DCOM permissions for AutoEnrollmentDCOMSrv... [In progress]
Setting launch and activation permissions for AutoEnrollmentDCOMSrv... [In progress]
Setting DCOM access permissions for AutoEnrollmentDCOMSrv... [Completed]
Setting launch and activation permissions for AutoEnrollmentDCOMSrv... [Completed]
==========================================================================
Step 2: Configure firewall rules
==========================================================================
This step ensures that the DigiCert Autoenrollment Server can communicate through
the system's firewall by configuring a firewall exception on the computer running
Autoenrollment Server.
Do you want to proceed? [Y/N]:y
Configuring firewall exception for the Autoenrollment Server... [In progress]
Configuring firewall exception for the Autoenrollment Server... [Completed]
===========================================================================
Step 3: Update group policies
===========================================================================
This step will configure the Group Policies Object (GPO) for the
Autoenrollment Server (AES).
The following settings will be enabled:
Computer configuration
- Configuration Model
- Renew expired certificates, update pending certificates, and remove
revoked certificates
- Update certificates that use certificate templates
User configuration
- Configuration Model
- Renew expired certificates, update pending certificates, and remove
revoked certificates
- Update certificates that use certificate templates
Do you want to proceed? [Y/N]:y
Available GPOs:
[0] Default Domain Policy
[1] Default Domain Controllers Policy
Enter the number of the GPOs you want to update, separated by commas (or type 'ALL' to process all GPOs).
Selection: 0
Updating group policies... [In progress]
Processing GPO: Default Domain Policy (31b2f340-016d-11d2-945f-00c04fb984f9)
Updating group policies... [Completed]
DigiCert Autoenrollment Server configuration completed successfully.
For more details, refer to the logs: "C:\Program Files\DigiCert\AEServer\logs\ConfigureAES.log.2025-02-11"
Next steps:
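The check below is an added example, not part of the ConfigureAES.bat output or of DigiCert's documentation. It reads back what Step 3 wrote to the GPOs listed in the sample output, so the change to a domain-wide policy can be confirmed and recorded. It assumes the RSAT GroupPolicy module is installed and that the settings are stored in the standard Windows autoenrollment policy value (AEPolicy); the function name is hypothetical.

```powershell
# Added example: audit the autoenrollment settings in the GPOs from the sample output.
# Assumption: the policy is stored as the AEPolicy DWORD under
#   <hive>\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment
# AEPolicy values: 0x1 = update certificates that use certificate templates,
#                  0x6 = renew expired / update pending / remove revoked,
#                  0x8000 = autoenrollment disabled.
Import-Module GroupPolicy

function Get-AutoenrollmentPolicy {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$GpoName)

    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "$hive\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment"
        try {
            # Throws if the value is not defined in this GPO.
            $v = (Get-GPRegistryValue -Name $GpoName -Key $key `
                    -ValueName 'AEPolicy' -ErrorAction Stop).Value
        } catch {
            $v = $null
        }

        [pscustomobject]@{
            Gpo                 = $GpoName
            Scope               = if ($hive -eq 'HKLM') { 'Computer' } else { 'User' }
            AEPolicy            = if ($null -ne $v) { '0x{0:X}' -f $v } else { 'not set' }
            Enabled             = ($null -ne $v) -and -not ($v -band 0x8000)
            RenewAndCleanup     = ($null -ne $v) -and (($v -band 0x6) -eq 0x6)
            UpdateFromTemplates = ($null -ne $v) -and (($v -band 0x1) -eq 0x1)
        }
    }
}

# GPO names as listed under "Available GPOs" in the sample output.
'Default Domain Policy', 'Default Domain Controllers Policy' |
    ForEach-Object { Get-AutoenrollmentPolicy -GpoName $_ } |
    Format-Table -AutoSize
```

A GPO that was selected in Step 3 should report all three columns as True for both scopes; a GPO that was not selected should be unchanged from its state before the script ran.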