Microsoft has made a whitepaper available with details on how to implement the Simple Certificate Enrollment Protocol (SCEP).
“Microsoft Active Directory Certificate Services in Microsoft Windows Server 2008 R2 includes the Network Device Enrollment Service role service. This role service implements the Simple Certificate Enrollment Protocol. This white paper provides an overview of this role service in the Windows Server 2008 R2”.
They also published a whitepaper on deploying user and computer certificates:
“The Windows Server 2008 R2 Core Network Guide provides instructions on how to plan and deploy the components required for a fully functioning network and a new Active Directory domain in a new forest. This companion guide to the Core Network Guide provides instructions on how to deploy client computer and user certificates with Active Directory Certificate Services (AD CS) and Group Policy. You can use client computer and user certificates to allow Network Policy Server (NPS) and Routing and Remote Access Service (RRAS) to authenticate users and computers when you deploy the following authentication methods for network access authentication:
- Extensible Authentication Protocol with Transport Layer Security (EAP-TLS)
- Protected EAP with TLS (PEAP-TLS)”.