Experiment: Modify and Enable certificate templates
Note: The CA type in the experiment must be an enterprise CA because the standalone CA is not supported for certificate templates
Lab Environment:
LON-DC1 Windows2012 Ad+adcs 172.16.0.10
Experimental steps:
Open the certification authority on the LON-DC1
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5A/07/wKiom1Tz-veRMzlrAASNnNo9GYI614.jpg "title=" QQ picture 20150302135227.jpg "alt=" Wkiom1tz-vermzlraasnnno9gyi614.jpg "/>
Expand the subkey under certification authority, right-select the management task in the certificate template
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/07/wKiom1Tz-4DjLTDSAAOQx6c86Ng718.jpg "title=" QQ picture 20150302135530.jpg "alt=" Wkiom1tz-4djltdsaaoqx6c86ng718.jpg "/>
You can see that there are already a lot of default templates, we choose the user template here, right click on this template, and then select Copy Template
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5A/03/wKioL1Tz_QaBBqrcAAT7Lo9Hwuc702.jpg "title=" QQ picture 20150302135727.jpg "alt=" Wkiol1tz_qabbqrcaat7lo9hwuc702.jpg "/>
Pop-up window, compatibility can not be modified, if your company has not 2008r2 the following servers, or not WIN7 the following clients, can be modified according to requirements
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/03/wKioL1Tz_ZrBR_0sAAQ8YRAyQEQ102.jpg "title=" QQ picture 20150302135955.jpg "alt=" Wkiol1tz_zrbr_0saaq8yrayqeq102.jpg "/>
We switch to the General tab of this page to change the name of this certificate to a copy
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5A/03/wKioL1Tz_fLyuEB0AAQ0I8jmHDk583.jpg "title=" QQ picture 20150302140123.jpg "alt=" Wkiol1tz_flyueb0aaq0i8jmhdk583.jpg "/>
We then switch to the Replace Template tab to replace the user template with this template
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/5A/03/wKioL1T0AZ_z4i87AARIPJepZJU598.jpg "title=" QQ picture 20150302141702.jpg "alt=" Wkiol1t0az_z4i87aaripjepzju598.jpg "/>
Finally we go to the Security tab, authenticated users to open enrollment and autoenrollment permissions
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/5A/07/wKiom1T0ARSRqeAzAAUm8wkZaGM282.jpg "title=" QQ picture 20150302141920.jpg "alt=" Wkiom1t0arsrqeazaaum8wkzagm282.jpg "/>
After performing the above operation, we go back to the certification authority's Certificate template subkey, right-click it select New---issued certificate template, add our new user template to it
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5A/07/wKiom1T0AYyhPAzCAATNtAf5hJ0860.jpg "title=" QQ picture 20150302142119.jpg "alt=" Wkiom1t0ayyhpazcaatntaf5hj0860.jpg "/>
On the page that pops up, add the test user template that we just created, and you can see that the new certificate template that we added appears in the certificate list
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/07/wKiom1T0Afvg_5vEAATFqMEsYlY647.jpg "title=" QQ picture 20150302142228.jpg "alt=" Wkiom1t0afvg_5veaatfqmesyly647.jpg "/>
The experiment is complete.
This article is from the "Dry Sea Sponge" blog, please be sure to keep this source http://thefallenheaven.blog.51cto.com/450907/1616467
Windows AD Certificate Services Family---Deployment and Management certificate templates (2)