certificate autoenrollment Settings with citrix and certificate-based authentication

i have citrix environment serious lag time citrix logon. in citrix forums (thread http://forums.citrix.com/thread.jspa?threadid=252740 ), there has been discussion regarding computer config\windows settings\security settings\public key policies\autoenrollment settings.  appears if setting edited, whether enable or disable it, add the citrix logon time.

it has been demonstrated if policy recreated without editing setting, logon time drops 35 plus around 10 seconds. question affect have on certificate-based authentication wireless , e-mail encryption capabilities may using int future if not actively enable setting?

 

---

karon w

karon,

 the implication of not using autoenrollment require method of enrolling certificates on users, such manual enrollment using ca web console or certificates mmc snap in.

 i don't have answer of how avoid logon delay while allowing auto enrollment (since manual enrollment pretty cumbersome). however, auto enrollment required enroll certificate. once certificate enrolled machine or user, can turned off without losing enrolled certificate. in theory, if use certificates long life , don't need revoke many certificates, should able turn on, validate users , computers have enrolled certificate , restrict policy apply ou used enroll new users , new computers before moved normal ous. 

guy 

Windows Server  >  Group Policy