Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

5 Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include released service packs.

Note: Some of the information in this section is subject to change because it applies to an unreleased, preliminary version of the Windows Server operating system, and thus may differ from the final version of the server software when released. All behavior notes that pertain to the unreleased, preliminary version of the Windows Server operating system contain specific references to Windows Server 2016 Technical Preview as an aid to the reader.

  • Windows 2000 operating system

  • Windows XP operating system

  • Windows Server 2003 operating system

  • Windows Server 2003 R2 operating system

  • Windows Vista operating system

  • Windows Server 2008 operating system

  • Windows 7 operating system

  • Windows Server 2008 R2 operating system

  • Windows 8 operating system

  • Windows Server 2012 operating system

  • Windows 8.1 operating system

  • Windows Server 2012 R2 operating system

  • Windows 10 operating system

  • Windows Server 2016 Technical Preview operating system

Exceptions, if any, are noted below. If a service pack or Quick Fix Engineering (QFE) number appears with the product version, behavior changed in that service pack or QFE. The new behavior also applies to subsequent service packs of the product unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms SHOULD or SHOULD NOT implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term MAY implies that the product does not follow the prescription.

<1> Section 1.6: Windows defines four template versions: version 1, version 2, version 3, and version 4. Version 1 templates are supported by CAs that run on Windows 2000 Server operating system, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. Version 2 templates are supported by Microsoft CAs that run on Windows Server 2003 Enterprise Edition operating system, Windows Server 2003 R2 Datacenter Edition operating system, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. Version 3 templates are supported by CAs that run on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. Version 4 templates are supported by CAs that run on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<2> Section 2.1: The cn attribute is implemented in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<3> Section 2.2: The displayName attribute is implemented only in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<4> Section 2.3: The distinguishedName attribute is implemented only in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<5> Section 2.4: The flags attribute is implemented in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<6> Section 2.4: This flag is supported in Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<7> Section 2.5: The ntSecurityDescriptor attribute is implemented in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<8> Section 2.6: The revision attribute is implemented in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<9> Section 2.7: The pKICriticalExtensions attribute is implemented only in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<10> Section 2.8: The pKIDefaultCSPs attribute is implemented in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<11> Section 2.9: The pKIDefaultKeySpec attribute is implemented only in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. For more information about the Microsoft implementation of key types, see [MSDN-KEY].

<12> Section 2.10: The pKIEnrollmentAccess attribute is implemented in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<13> Section 2.11: The pKIExpirationPeriod attribute is implemented only in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<14> Section 2.12: The pKIExtendedKeyUsage attribute is implemented only in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<15> Section 2.13: The pKIKeyUsage attribute is implemented only in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<16> Section 2.14: The pKIMaxIssuingDepth attribute is implemented in Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<17> Section 2.16: The msPKI-Template-Schema-Version attribute is implemented only in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<18> Section 2.17: The msPKI-Template-Minor-Revision attribute is implemented only in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<19> Section 2.18: The msPKI-RA-Signature attribute is implemented in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<20> Section 2.19: The msPKI-Minimal-Key-Size attribute is implemented in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<21> Section 2.20: The msPKI-Cert-Template-OID attribute is implemented only in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<22> Section 2.21: The msPKI-Supersede-Templates attribute is implemented only in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<23> Section 2.22: The msPKI-RA-Policies attribute is implemented in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<24> Section 2.23: The msPKI-RA-Application-Policies attribute is implemented only in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<25> Section 2.24: The msPKI-Certificate-Policy attribute is implemented in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<26> Section 2.25: The msPKI-Certificate-Application-Policy attribute is implemented only in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<27> Section 2.26: The msPKI-Enrollment-Flag attribute is implemented in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<28> Section 2.26: This flag is supported in Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<29> Section 2.26: This flag is supported in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview.

<30> Section 2.26: This flag is supported in Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<31> Section 2.26: This flag is supported in Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<32> Section 2.26: This flag is supported in Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<33> Section 2.26: This flag is supported in Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<34> Section 2.27: The msPKI-Private-Key-Flag attribute is implemented in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<35> Section 2.27: This flag is supported in Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<36> Section 2.27: This flag is supported in Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<37> Section 2.27: These flags are supported only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

<38> Section 2.28: The msPKI-Certificate-Name-Flag attribute is implemented in Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<39> Section 2.28: This flag is supported in Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<40> Section 3: The following is the list of the default certificate templates and their attribute values that are installed to Active Directory by Windows Server 2003 and Windows XP.

  
 cn: Administrator; 
 displayName: Administrator; 
 flags: 66106; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: Administrator; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
     1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (4): 1.3.6.1.4.1.311.10.3.1; 
     1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xA0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 4; 
  
 cn: CA; 
 displayName: Root Certification Authority; 
 flags: 65745; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CA; 
 pKICriticalExtensions: 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF 
 pKIKeyUsage: 0x86 0x00 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 5; 
  
 cn: CAExchange; 
 displayName: CA Exchange; 
 flags: 65600; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.5; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 1; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: CAExchange; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0xC0 0x1B 0xD7 0x7F 0xFA 0xFF 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.5; 
 pKIKeyUsage: 0x20 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0xC0 0x1B 0xD7 0x7F 0xFA 0xFF 0xFF 
 revision: 106; 
  
 cn: CEPEncryption; 
 displayName: CEP Encryption; 
 flags: 66113; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CEPEncryption; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage:  0x20 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 4; 
  
 cn: CertificateRequestAgent; 
 displayName: Certificate Request Agent; 
 flags: 131616; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.20.2.1; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 96; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.20.2.1; 
 msPKI-RA-Signature: 1; 
 msPKI-Template-Minor-Revision: 4; 
 msPKI-Template-Schema-Version: 2; 
 name: CertificateRequestAgent; 
 pKIDefaultCSPs: 1,Microsoft Base Smart Card Crypto Provider; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 100; 
  
 cn: ClientAuth; 
 displayName: Authenticated Session; 
 flags: 197152; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ClientAuth; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 3; 
  
 cn: CodeSigning; 
 displayName: Code Signing; 
 flags: 66080; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CodeSigning; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.3; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 3; 
  
 cn: CrossCA; 
 displayName: Cross Certification Authority; 
 flags: 198672; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 512; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.10.3.10; 
 msPKI-RA-Signature: 1; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: CrossCA; 
 pKICriticalExtensions: 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF
 pKIKeyUsage: 0x86 0x00 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 110; 
  
 cn: CTLSigning; 
 displayName: Trust List Signing; 
 flags: 66080; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CTLSigning; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.1; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 3; 
  
 cn: DirectoryEmailReplication; 
 displayName: Directory Email Replication; 
 flags: 196704; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.19; 
 msPKI-Certificate-Name-Flag: 150994944; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Supersede-Templates: DomainController; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: DirectoryEmailReplication; 
 pKICriticalExtensions: 2.5.29.17; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.19; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 122; 
  
 cn: DomainController; 
 displayName: Domain Controller; 
 flags: 197228; 
 msPKI-Certificate-Name-Flag: 419430400; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: DomainController; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 4; 
  
 cn: DomainControllerAuthentication; 
 displayName: Domain Controller Authentication; 
 flags: 196704; 
 msPKI-Certificate-Application-Policy (3): 1.3.6.1.5.5.7.3.2; 
    1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 
 msPKI-Certificate-Name-Flag: 134217728; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Supersede-Templates: DomainController; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: DomainControllerAuthentication; 
 pKICriticalExtensions: 2.5.29.17; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage (3): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
    1.3.6.1.4.1.311.20.2.2; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 119; 
  
 cn: EFS; 
 displayName: Basic EFS; 
 flags: 197176; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EFS; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4; 
 pKIKeyUsage:  0x20 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 3; 
  
 cn: EFSRecovery; 
 displayName: EFS Recovery Agent; 
 flags: 66096; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 33; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EFSRecovery; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4.1; 
 pKIKeyUsage:  0x20 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 6; 
  
 cn: EnrollmentAgent; 
 displayName: Enrollment Agent; 
 flags: 197152; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EnrollmentAgent; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 4; 
  
 cn: EnrollmentAgentOffline; 
 displayName: Exchange Enrollment Agent (Offline request); 
 flags: 66049; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EnrollmentAgentOffline; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 4; 
  
 cn: ExchangeUser; 
 displayName: Exchange User; 
 flags: 66065; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 1; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ExchangeUser; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; 
 pKIKeyUsage:  0x20 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 7; 
  
 cn: ExchangeUserSignature; 
 displayName: Exchange Signature Only; 
 flags: 66049; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ExchangeUserSignature; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 6; 
  
 cn: IPSECIntermediateOffline; 
 displayName: IPSEC (Offline request); 
 flags: 197185; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: IPSECIntermediateOffline; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; 
 pKIKeyUsage: 0xa0 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 7; 
  
 cn: IPSECIntermediateOnline; 
 displayName: IPSEC; 
 flags: 197216; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: IPSECIntermediateOnline; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; 
 pKIKeyUsage: 0xa0 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 8; 
  
 cn: KeyRecoveryAgent; 
 displayName: Key Recovery Agent; 
 flags: 196640; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.6; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 39; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.21.6; 
 msPKI-RA-Signature: 1; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 2; 
 name: KeyRecoveryAgent; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.6; 
 pKIKeyUsage:  0x20 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 105; 
  
 cn: Machine; 
 displayName: Computer; 
 flags: 197216; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: Machine; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xa0 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 5; 
  
 cn: MachineEnrollmentAgent; 
 displayName: Enrollment Agent (Computer); 
 flags: 66144; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: MachineEnrollmentAgent; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 5; 
  
 cn: OfflineRouter; 
 displayName: Router (Offline request); 
 flags: 66113; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: OfflineRouter; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 4; 
  
  
 cn: RASAndIASServer; 
 displayName: RAS and IAS Server; 
 flags: 197216; 
 msPKI-Certificate-Application-Policy (2): 
    1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 msPKI-Certificate-Name-Flag: 1207959552; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Supersede-Templates: NTDEVComputer; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: RASAndIASServer; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 104; 
  
 cn: SmartcardLogon; 
 displayName: Smartcard Logon; 
 flags: 197120; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 512; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SmartcardLogon; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (2): 
    1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 6; 
  
 cn: SmartcardUser; 
 displayName: Smartcard User; 
 flags: 197130; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 9; 
 msPKI-Minimal-Key-Size: 512; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SmartcardUser; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (3): 
    1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xa0 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 11; 
  
 cn: SubCA; 
 displayName: Subordinate Certification Authority; 
 flags: 197329; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SubCA; 
 pKICriticalExtensions: 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF
 pKIKeyUsage: 0x86 0x00 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 5; 
  
 cn: User; 
 displayName: User; 
 flags: 197178; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: User; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (3): 1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 
    1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 3; 
  
 cn: UserSignature; 
 displayName: User Signature Only; 
 flags: 197154; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: UserSignature; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 4; 
  
 cn: WebServer; 
 displayName: Web Server; 
 flags: 66113; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: WebServer; 
 pKIDefaultCSPs (2): 2,Microsoft DH SChannel Cryptographic Provider; 
    1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 4; 
  
 cn: Workstation; 
 displayName: Workstation Authentication; 
 flags: 197216; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.2; 
 msPKI-Certificate-Name-Flag: 134217728; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: Workstation; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xa0 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 104;
  
  

<41> Section 3: The following is the list of the default certificate templates and their attribute values that are installed to Active Directory by Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview.

  
 cn: Administrator; 
 displayName: Administrator; 
 flags: 66106; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.7; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: Administrator; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (4): 1.3.6.1.4.1.311.10.3.1; 1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: CA; 
 displayName: Root Certification Authority; 
 flags: 65745; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.17; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CA; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; 
 pKIKeyUsage: 0x86 0x00; 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 5; 
  
 cn: CAExchange; 
 displayName: CA Exchange; 
 flags: 65600; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.26; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.5; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 1; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: CAExchange; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0xC0 0x1B 0xD7 0x7F 0xFA 0xFF 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.5; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x40 0x96 0xD5 0x36 0xFF 0xFF 0xFF; 
 revision: 106; 
  
 cn: CEPEncryption; 
 displayName: CEP Encryption; 
 flags: 66113; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.22; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CEPEncryption; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: ClientAuth; 
 displayName: Authenticated Session; 
 flags: 66080; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.4; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ClientAuth; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 3; 
  
 cn: CodeSigning; 
 displayName: Code Signing; 
 flags: 66080; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.9; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CodeSigning; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.3; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 3; 
  
 cn: CrossCA; 
 displayName: Cross Certification Authority; 
 flags: 67600; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.25; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 8; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.10.3.10; 
 msPKI-RA-Signature: 1; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: CrossCA; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; 
 pKIKeyUsage: 0x86 0x00; 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 105; 
  
 cn: CTLSigning; 
 displayName: Trust List Signing; 
 flags: 66080; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.10; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CTLSigning; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.1; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 3; 
  
 cn: DirectoryEmailReplication; 
 displayName: Directory Email Replication; 
 flags: 65632; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.29; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.19; 
 msPKI-Certificate-Name-Flag: 150994944; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Supersede-Templates: DomainController; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: DirectoryEmailReplication; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.17; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.19; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 00 80 A6 0A FF DE FF FF; 
 revision: 115; 
  
 cn: DomainController; 
 displayName: Domain Controller; 
 flags: 66156; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.15; 
 msPKI-Certificate-Name-Flag: 419430400; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: DomainController; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: DomainControllerAuthentication; 
 displayName: Domain Controller Authentication; 
 flags: 65632; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.28; 
 msPKI-Certificate-Application-Policy (3): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 
 msPKI-Certificate-Name-Flag: 134217728; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Supersede-Templates: DomainController; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: DomainControllerAuthentication; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.17; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (3): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 110; 
  
 cn: EFS; 
 displayName: Basic EFS; 
 flags: 66104; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.6; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EFS; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 3; 
  
 cn: EFSRecovery; 
 displayName: EFS Recovery Agent; 
 flags: 66096; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.8; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 33; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EFSRecovery; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4.1; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 6; 
  
 cn: EnrollmentAgent; 
 displayName: Enrollment Agent; 
 flags: 66080; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.11; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EnrollmentAgent; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: EnrollmentAgentOffline; 
 displayName: Exchange Enrollment Agent (Offline request); 
 flags: 66049; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.12; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EnrollmentAgentOffline; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: ExchangeUser; 
 displayName: Exchange User; 
 flags: 66065; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.23; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 1; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ExchangeUser; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 7; 
  
 cn: ExchangeUserSignature; 
 displayName: Exchange Signature Only; 
 flags: 66049; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.24; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ExchangeUserSignature; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 6; 
  
 cn: IPSECIntermediateOffline; 
 displayName: IPSec (Offline request); 
 flags: 66113; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.20; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: IPSECIntermediateOffline; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 7; 
  
 cn: IPSECIntermediateOnline; 
 displayName: IPSec; 
 flags: 66144; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.19; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: IPSECIntermediateOnline; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 8; 
  
 cn: KerberosAuthentication; 
 displayName: Kerberos Authentication; 
 flags: 65632; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.33; 
 msPKI-Certificate-Application-Policy (4): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.2.3.5; 
 msPKI-Certificate-Name-Flag: 138412032; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: KerberosAuthentication; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.17; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (4): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.2.3.5; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 110; 
  
 cn: KeyRecoveryAgent; 
 displayName: Key Recovery Agent; 
 flags: 65568; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.27; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.6; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 39; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: KeyRecoveryAgent; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.6; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 105; 
  
 cn: Machine; 
 displayName: Computer; 
 flags: 66144; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.14; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: Machine; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 5; 
  
 cn: MachineEnrollmentAgent; 
 displayName: Enrollment Agent (Computer); 
 flags: 66144; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.13; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: MachineEnrollmentAgent; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 5; 
  
 cn: OCSPResponseSigning; 
 displayName: OCSP Response Signing; 
 flags: 66112; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.32; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.9; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 4096; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Application-Policies: msPKI-Asymmetric-Algorithm`PZPWSTR`RSA`msPKI-Hash-Algorithm`PZPWSTR`SHA1`msPKI-Key-Security-Descriptor`PZPWSTR`D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GR;;;S-1-5-80-3804348527-3718992918-2141599610-3686422417-2726379419)`msPKI-Key-Usage`DWORD`2`; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 3; 
 name: OCSPResponseSigning; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x37 0xAE 0xFF 0xF4 0xFF 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.9; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0x2C 0xAB 0x6D 0xFE 0xFF 0xFF; 
 revision: 101; 
  
 cn: OfflineRouter; 
 displayName: Router (Offline request); 
 flags: 66113; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.21; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: OfflineRouter; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: RASAndIASServer; 
 displayName: RAS and IAS Server; 
 flags: 66144; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.31; 
 msPKI-Certificate-Application-Policy (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 msPKI-Certificate-Name-Flag: 1207959552; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: RASAndIASServer; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 101; 
  
 cn: SmartcardLogon; 
 displayName: Smartcard Logon; 
 flags: 66048; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.5; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 512; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SmartcardLogon; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.4.1.311.20.2.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 6; 
  
 cn: SmartcardUser; 
 displayName: Smartcard User; 
 flags: 66058; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.3; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 9; 
 msPKI-Minimal-Key-Size: 512; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SmartcardUser; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (3): 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 1.3.6.1.4.1.311.20.2.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 11; 
  
 cn: SubCA; 
 displayName: Subordinate Certification Authority; 
 flags: 66257; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.18; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SubCA; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; 
 pKIKeyUsage: 0x86 0x00; 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 5; 
  
 cn: User; 
 displayName: User; 
 flags: 66106; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.1; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: User; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (3): 1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 3; 
  
 cn: UserSignature; 
 displayName: User Signature Only; 
 flags: 66082; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.2; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: UserSignature; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: WebServer; 
 displayName: Web Server; 
 flags: 66113; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.16; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: WebServer; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft DH SChannel Cryptographic Provider; 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: Workstation; 
 displayName: Workstation Authentication; 
 flags: 66144; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.30; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.2; 
 msPKI-Certificate-Name-Flag: 134217728; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: Workstation; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 101; 
  
Show:
© 2015 Microsoft