I have a challenge associated with how to deploy a machine based wireless profile to a shared Windows device to connect to a wireless network. Authentication for these types of devices is using a certificate (machine authentication is not possible due to the AD configuration and the associated trusts). Ultimately I am chasing whether windows native commands can be used to provision a certificate using the ISE SCEP URL. I am running ISE 2.1 with patch 2.

Whilst I have the client provisioning process within ISE functioning, this is only applicable to user specific devices where ISE will deploy a user profile to a device. If ISE could provision a machine based profile this issue would not exist.

I have existing batch files and processes available for provisioning a certificate from a Microsoft CA, but the interaction with the ISE SCEP process is where I am getting unstuck. Any assistance with how to provision a certificate from ISE' CA to a windows device would be appreciated.

The big issue here is the ability to connect a Windows (or Mac) device to a wireless network to facilitate user authentication to an Active Directory domain.