A user with rights to create a GPO must be available.
Create group policy object (GPO)
To create a group policy object (GPO):
Start the Group Policy Management.
Create a group policy object (GPO). In this example we called this Nexus PKI. Normally this GPO should affect all computers in the domain, so the default security group “Authenticated Users” that holds both computers and users.
Add CA certificates in group policy object (GPO)
To add the CA certificates in the group policy object (GPO):
Edit the GPO and browse to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies.
Import the Root CA to Trusted Root Certification Authorities
Import the Sub CA to Intermediate Certification Authorities