2008 includes several version 1 templates. You can duplicate these templates, and then
they're converted to version 2 or 3 templates, which can be modified.
Version 2 templates —Allow customization of most certificate settings and permit autoenrollment.
They are supported by Windows Server 2003 Enterprise Edition and later.
Version 3 templates —Provide advanced cryptographic functions; they can be issued only
from Windows Server 2008 enterprise CAs and can be used only on Windows Server 2008
and Vista clients.
Certificate templates are created and modified in the Certificate Templates snap-in, which is
automatically added under the Active Directory Certificate Services node in Server Manager (see
Figure 11-7). You can modify a template that lists Windows Server 2003 Enterprise or Windows
Server 2008 in the Minimum Supported CAs column. Templates that list Windows 2000 in this
column must be duplicated before they can be modified. The recommended method is to modify the
duplicate rather than the original template. Each template type has a different set of properties and a
varying number of tabs in its Properties dialog box.
Figure 11-7 The Certificate Templates snap-in
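The version rules above can also be checked from a script: the following PowerShell reads each template's schema version and reports which templates must be duplicated before editing. It is an added example, not part of the original text; the function names are hypothetical, the sample rows are constructed, and the live query assumes a domain-joined host and the AD attribute `msPKI-Template-Schema-Version`.

```powershell
# Added example (not from the original text). Function names are hypothetical.
# Constructed sample rows, used unless -Live is given on a domain-joined host.
$SampleTemplates = @(
    [pscustomobject]@{ Name = 'Basic EFS';           SchemaVersion = 1 }
    [pscustomobject]@{ Name = 'Example V2 Template'; SchemaVersion = 2 }  # constructed
    [pscustomobject]@{ Name = 'Example EFS V3';      SchemaVersion = 3 }  # constructed
)

function Get-LiveTemplate {
    # Templates are stored in the forest's Configuration partition.
    $root = [ADSI]'LDAP://RootDSE'
    $base = "LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$($root.configurationNamingContext)"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$base)
    $searcher.Filter = '(objectClass=pKICertificateTemplate)'
    $searcher.PageSize = 200
    foreach ($attr in 'displayName', 'msPKI-Template-Schema-Version') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }
    foreach ($r in $searcher.FindAll()) {
        $ver = $r.Properties['mspki-template-schema-version']
        # Assumption: a template with no schema-version value is treated as version 1.
        $schema = 1
        if ($null -ne $ver -and $ver.Count -gt 0) { $schema = [int]$ver[0] }
        [pscustomobject]@{
            Name          = [string]$r.Properties['displayname'][0]
            SchemaVersion = $schema
        }
    }
}

function Get-TemplateVersionReport {
    param([switch]$Live)
    $templates = if ($Live) { Get-LiveTemplate } else { $SampleTemplates }
    foreach ($t in $templates) {
        [pscustomobject]@{
            Name                = $t.Name
            SchemaVersion       = $t.SchemaVersion
            DuplicateBeforeEdit = ($t.SchemaVersion -eq 1)  # version 1: duplicate first
            Autoenrollment      = ($t.SchemaVersion -ge 2)  # version 2 and later
            Needs2008CA         = ($t.SchemaVersion -eq 3)  # version 3: Server 2008 enterprise CA
        }
    }
}

Get-TemplateVersionReport | Sort-Object SchemaVersion, Name | Format-Table -AutoSize
```

Run `Get-TemplateVersionReport -Live` on a domain member to report on the templates actually published in the forest instead of the constructed rows.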
A common certificate type is one used for EFS, which allows users to encrypt and decrypt
files on a hard drive. The Basic EFS template is used to issue certificates to users so that they can
protect files with EFS. The EFS Recovery Agent template is used to issue certificates to users who
are designated as recovery agents so that EFS-encrypted files can be recovered if a user's EFS
certificate becomes unusable for some reason.
Activity 11-3: Creating an EFS Certificate Template
Time Required: 10 minutes
Objective: Create an EFS certificate template.
Description: You want to issue certificates to employees so that they can use EFS throughout the
domain. You duplicate the version 1 Basic EFS template and create a version 3 EFS template for
use on Vista clients.
1. Log on to Server1XX as Administrator and open Server Manager, if necessary.
2. In the left pane, click to expand Roles and then Active Directory Certificate Services. Click
Certificate Templates to list the available templates in the right pane. (If nothing appears below
Active Directory Certificate Services, try closing Server Manager and then reopening it.)