5 Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

The terms "earlier" and "later", when used with a product version, refer to either all preceding versions or all subsequent versions, respectively. The term "through" refers to the inclusive range of versions. Applicable Microsoft products are listed chronologically in this section.

Windows Client Releases

  • Windows 2000 Professional operating system

  • Windows XP operating system

  • Windows Vista operating system

  • Windows 7 operating system

  • Windows 8 operating system

  • Windows 8.1 operating system

  • Windows 10 operating system

Windows Server Releases

  • Windows 2000 Server operating system

  • Windows Server 2003 operating system

  • Windows Server 2008 operating system

  • Windows Server 2008 R2 operating system

  • Windows Server 2012 operating system

  • Windows Server 2012 R2 operating system

  • Windows Server 2016 operating system

  • Windows Server operating system

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 1.6: Windows defines four template versions: version 1, version 2, version 3, and version 4. Version 1 templates are supported by CAs that run on Windows 2000 Server and later. Version 2 templates are supported by Microsoft CAs that run on Windows Server 2003 Enterprise Edition operating system, Windows Server 2003 R2 Datacenter Edition operating system, and Windows Server 2008 and later. Version 3 templates are supported by CAs that run on Windows Server 2008 and later. Version 4 templates are supported by CAs that run on Windows Server 2012 and later.

<2> Section 2.1: The cn attribute is implemented in Windows 2000 Server and later.

<3> Section 2.2: The displayName attribute is implemented in Windows 2000 Server and later.

<4> Section 2.3: The distinguishedName attribute is implemented in Windows 2000 Server and later.

<5> Section 2.4: The flags attribute is implemented in Windows 2000 Server and later.

<6> Section 2.4: This flag is supported in applicable Windows Server releases, with exception of Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2 operating system, and Windows Server 2008.

<7> Section 2.5: The ntSecurityDescriptor attribute is implemented in Windows 2000 Server and later.

<8> Section 2.6: The revision attribute is implemented in Windows 2000 Server and later.

<9> Section 2.7: The pKICriticalExtensions attribute is implemented in Windows 2000 Server and later.

<10> Section 2.8: The pKIDefaultCSPs attribute is implemented in Windows 2000 Server and later.

<11> Section 2.9: The pKIDefaultKeySpec attribute is implemented in Windows 2000 Server and later. For more information about the Microsoft implementation of key types, see [MSDN-KEY].

<12> Section 2.10: The pKIEnrollmentAccess attribute is implemented in Windows 2000 Server and later.

<13> Section 2.11: The pKIExpirationPeriod attribute is implemented in Windows 2000 Server and later.

<14> Section 2.12: The pKIExtendedKeyUsage attribute is implemented in Windows 2000 Server and later.

<15> Section 2.13: The pKIKeyUsage attribute is implemented in Windows 2000 Server and later.

<16> Section 2.14: The pKIMaxIssuingDepth attribute is implemented in Windows 2000 Server and later.

<17> Section 2.16: The msPKI-Template-Schema-Version attribute is implemented in applicable Windows Server releases, with the exception of Windows 2000 Server.

<18> Section 2.17: The msPKI-Template-Minor-Revision attribute is implemented in Windows Server 2003 and later.

<19> Section 2.18: The msPKI-RA-Signature attribute is implemented in Windows Server 2003 and later.

<20> Section 2.19: The msPKI-Minimal-Key-Size attribute is implemented in Windows Server 2003 and later.

<21> Section 2.20: The msPKI-Cert-Template-OID attribute is implemented in Windows Server 2003 and later.

<22> Section 2.21: The msPKI-Supersede-Templates attribute is implemented in Windows Server 2003 and later.

<23> Section 2.22: The msPKI-RA-Policies attribute is implemented in Windows Server 2003 and later.

<24> Section 2.23: The msPKI-RA-Application-Policies attribute is implemented in Windows Server 2003 and later.

<25> Section 2.24: The msPKI-Certificate-Policy attribute is implemented in Windows Server 2003 and later.

<26> Section 2.25: The msPKI-Certificate-Application-Policy attribute is implemented in Windows Server 2003 and later.

<27> Section 2.26: The msPKI-Enrollment-Flag attribute is implemented in Windows Server 2003 and later.

<28> Section 2.26: This flag is supported in applicable Windows Server releases, with the exception of Windows 2000 Server, Windows Server 2003, and Windows Server 2003 R2.

<29> Section 2.26: This flag is supported in Windows Vista and later clients and in Windows Server 2008 and later servers.

<30> Section 2.26: This flag is supported in Windows Server 2008 R2 and later.

<31> Section 2.26: This flag is supported in Windows Server 2008 R2 and later.

<32> Section 2.26: This flag is supported in Windows Server 2012 and later.

<33> Section 2.26: This flag is supported in Windows Server 2012 and later.

<34> Section 2.27: The msPKI-Private-Key-Flag attribute is implemented in Windows Server 2003 and later.

<35> Section 2.27: This flag is supported in Windows Server 2012 and later.

<36> Section 2.27: This flag is supported in Windows Server 2012 and later.

<37> Section 2.27: These flags are supported only in Windows Server 2012 R2 and later.

<38> Section 2.28: The msPKI-Certificate-Name-Flag attribute is implemented in Windows Server 2003 and later.

<39> Section 2.28: This flag is supported in Windows Server 2008 R2 and later.

<40> Section 3: The following is the list of the default certificate templates and their attribute values that are installed to Active Directory by Windows Server 2003 and Windows XP.

  
 cn: Administrator; 
 displayName: Administrator; 
 flags: 66106; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: Administrator; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
     1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (4): 1.3.6.1.4.1.311.10.3.1; 
     1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xA0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 4; 
  
 cn: CA; 
 displayName: Root Certification Authority; 
 flags: 65745; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CA; 
 pKICriticalExtensions: 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF 
 pKIKeyUsage: 0x86 0x00 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 5; 
  
 cn: CAExchange; 
 displayName: CA Exchange; 
 flags: 65600; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.5; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 1; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: CAExchange; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0xC0 0x1B 0xD7 0x7F 0xFA 0xFF 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.5; 
 pKIKeyUsage: 0x20 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0xC0 0x1B 0xD7 0x7F 0xFA 0xFF 0xFF 
 revision: 106; 
  
 cn: CEPEncryption; 
 displayName: CEP Encryption; 
 flags: 66113; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CEPEncryption; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage:  0x20 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 4; 
  
 cn: CertificateRequestAgent; 
 displayName: Certificate Request Agent; 
 flags: 131616; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.20.2.1; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 96; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.20.2.1; 
 msPKI-RA-Signature: 1; 
 msPKI-Template-Minor-Revision: 4; 
 msPKI-Template-Schema-Version: 2; 
 name: CertificateRequestAgent; 
 pKIDefaultCSPs: 1,Microsoft Base Smart Card Crypto Provider; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 100; 
  
 cn: ClientAuth; 
 displayName: Authenticated Session; 
 flags: 197152; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ClientAuth; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 3; 
  
 cn: CodeSigning; 
 displayName: Code Signing; 
 flags: 66080; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CodeSigning; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.3; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 3; 
  
 cn: CrossCA; 
 displayName: Cross Certification Authority; 
 flags: 198672; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 512; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.10.3.10; 
 msPKI-RA-Signature: 1; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: CrossCA; 
 pKICriticalExtensions: 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF
 pKIKeyUsage: 0x86 0x00 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 110; 
  
 cn: CTLSigning; 
 displayName: Trust List Signing; 
 flags: 66080; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CTLSigning; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.1; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 3; 
  
 cn: DirectoryEmailReplication; 
 displayName: Directory Email Replication; 
 flags: 196704; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.19; 
 msPKI-Certificate-Name-Flag: 150994944; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Supersede-Templates: DomainController; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: DirectoryEmailReplication; 
 pKICriticalExtensions: 2.5.29.17; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.19; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 122; 
  
 cn: DomainController; 
 displayName: Domain Controller; 
 flags: 197228; 
 msPKI-Certificate-Name-Flag: 419430400; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: DomainController; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 4; 
  
 cn: DomainControllerAuthentication; 
 displayName: Domain Controller Authentication; 
 flags: 196704; 
 msPKI-Certificate-Application-Policy (3): 1.3.6.1.5.5.7.3.2; 
    1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 
 msPKI-Certificate-Name-Flag: 134217728; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Supersede-Templates: DomainController; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: DomainControllerAuthentication; 
 pKICriticalExtensions: 2.5.29.17; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage (3): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
    1.3.6.1.4.1.311.20.2.2; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 119; 
  
 cn: EFS; 
 displayName: Basic EFS; 
 flags: 197176; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EFS; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4; 
 pKIKeyUsage:  0x20 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 3; 
  
 cn: EFSRecovery; 
 displayName: EFS Recovery Agent; 
 flags: 66096; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 33; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EFSRecovery; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4.1; 
 pKIKeyUsage:  0x20 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 6; 
  
 cn: EnrollmentAgent; 
 displayName: Enrollment Agent; 
 flags: 197152; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EnrollmentAgent; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF
 revision: 4; 
  
 cn: EnrollmentAgentOffline; 
 displayName: Exchange Enrollment Agent (Offline request); 
 flags: 66049; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EnrollmentAgentOffline; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 4; 
  
 cn: ExchangeUser; 
 displayName: Exchange User; 
 flags: 66065; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 1; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ExchangeUser; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; 
 pKIKeyUsage:  0x20 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 7; 
  
 cn: ExchangeUserSignature; 
 displayName: Exchange Signature Only; 
 flags: 66049; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ExchangeUserSignature; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 6; 
  
 cn: IPSECIntermediateOffline; 
 displayName: IPSEC (Offline request); 
 flags: 197185; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: IPSECIntermediateOffline; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; 
 pKIKeyUsage: 0xa0 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 7; 
  
 cn: IPSECIntermediateOnline; 
 displayName: IPSEC; 
 flags: 197216; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: IPSECIntermediateOnline; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; 
 pKIKeyUsage: 0xa0 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 8; 
  
 cn: KeyRecoveryAgent; 
 displayName: Key Recovery Agent; 
 flags: 196640; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.6; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 39; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.21.6; 
 msPKI-RA-Signature: 1; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 2; 
 name: KeyRecoveryAgent; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.6; 
 pKIKeyUsage:  0x20 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 105; 
  
 cn: Machine; 
 displayName: Computer; 
 flags: 197216; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: Machine; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xa0 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 5; 
  
 cn: MachineEnrollmentAgent; 
 displayName: Enrollment Agent (Computer); 
 flags: 66144; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: MachineEnrollmentAgent; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 5; 
  
 cn: OfflineRouter; 
 displayName: Router (Offline request); 
 flags: 66113; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: OfflineRouter; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 4; 
  
  
 cn: RASAndIASServer; 
 displayName: RAS and IAS Server; 
 flags: 197216; 
 msPKI-Certificate-Application-Policy (2): 
    1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 msPKI-Certificate-Name-Flag: 1207959552; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Supersede-Templates: NTDEVComputer; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: RASAndIASServer; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 104; 
  
 cn: SmartcardLogon; 
 displayName: Smartcard Logon; 
 flags: 197120; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 512; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SmartcardLogon; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (2): 
    1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 6; 
  
 cn: SmartcardUser; 
 displayName: Smartcard User; 
 flags: 197130; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 9; 
 msPKI-Minimal-Key-Size: 512; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SmartcardUser; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (3): 
    1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xa0 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 11; 
  
 cn: SubCA; 
 displayName: Subordinate Certification Authority; 
 flags: 197329; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SubCA; 
 pKICriticalExtensions: 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF
 pKIKeyUsage: 0x86 0x00 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 5; 
  
 cn: User; 
 displayName: User; 
 flags: 197178; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: User; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (3): 1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 
    1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 3; 
  
 cn: UserSignature; 
 displayName: User Signature Only; 
 flags: 197154; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: UserSignature; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 
    2,Microsoft Base Cryptographic Provider v1.0; 
    1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0x80 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 4; 
  
 cn: WebServer; 
 displayName: Web Server; 
 flags: 66113; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: WebServer; 
 pKIDefaultCSPs (2): 2,Microsoft DH SChannel Cryptographic Provider; 
    1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xa0 0x00 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 4; 
  
 cn: Workstation; 
 displayName: Workstation Authentication; 
 flags: 197216; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.2; 
 msPKI-Certificate-Name-Flag: 134217728; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: Workstation; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xa0 0x00
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF 
 revision: 104;
  
  

<41> Section 3: The following is the list of the default certificate templates and their attribute values that are installed to Active Directory by Windows Vista and later clients and by Windows Server 2008 and later servers.

  
 cn: Administrator; 
 displayName: Administrator; 
 flags: 66106; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.7; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: Administrator; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (4): 1.3.6.1.4.1.311.10.3.1; 1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: CA; 
 displayName: Root Certification Authority; 
 flags: 65745; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.17; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CA; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; 
 pKIKeyUsage: 0x86 0x00; 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 5; 
  
 cn: CAExchange; 
 displayName: CA Exchange; 
 flags: 65600; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.26; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.5; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 1; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: CAExchange; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0xC0 0x1B 0xD7 0x7F 0xFA 0xFF 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.5; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x40 0x96 0xD5 0x36 0xFF 0xFF 0xFF; 
 revision: 106; 
  
 cn: CEPEncryption; 
 displayName: CEP Encryption; 
 flags: 66113; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.22; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CEPEncryption; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: ClientAuth; 
 displayName: Authenticated Session; 
 flags: 66080; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.4; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ClientAuth; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 3; 
  
 cn: CodeSigning; 
 displayName: Code Signing; 
 flags: 66080; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.9; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CodeSigning; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.3; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 3; 
  
 cn: CrossCA; 
 displayName: Cross Certification Authority; 
 flags: 67600; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.25; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 8; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.10.3.10; 
 msPKI-RA-Signature: 1; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: CrossCA; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; 
 pKIKeyUsage: 0x86 0x00; 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 105; 
  
 cn: CTLSigning; 
 displayName: Trust List Signing; 
 flags: 66080; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.10; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: CTLSigning; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.1; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 3; 
  
 cn: DirectoryEmailReplication; 
 displayName: Directory Email Replication; 
 flags: 65632; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.29; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.19; 
 msPKI-Certificate-Name-Flag: 150994944; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Supersede-Templates: DomainController; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: DirectoryEmailReplication; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.17; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.19; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 00 80 A6 0A FF DE FF FF; 
 revision: 115; 
  
 cn: DomainController; 
 displayName: Domain Controller; 
 flags: 66156; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.15; 
 msPKI-Certificate-Name-Flag: 419430400; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: DomainController; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: DomainControllerAuthentication; 
 displayName: Domain Controller Authentication; 
 flags: 65632; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.28; 
 msPKI-Certificate-Application-Policy (3): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 
 msPKI-Certificate-Name-Flag: 134217728; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Supersede-Templates: DomainController; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: DomainControllerAuthentication; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.17; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (3): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 110; 
  
 cn: EFS; 
 displayName: Basic EFS; 
 flags: 66104; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.6; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EFS; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 3; 
  
 cn: EFSRecovery; 
 displayName: EFS Recovery Agent; 
 flags: 66096; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.8; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 33; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EFSRecovery; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4.1; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 6; 
  
 cn: EnrollmentAgent; 
 displayName: Enrollment Agent; 
 flags: 66080; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.11; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EnrollmentAgent; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: EnrollmentAgentOffline; 
 displayName: Exchange Enrollment Agent (Offline request); 
 flags: 66049; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.12; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: EnrollmentAgentOffline; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: ExchangeUser; 
 displayName: Exchange User; 
 flags: 66065; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.23; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 1; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ExchangeUser; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 7; 
  
 cn: ExchangeUserSignature; 
 displayName: Exchange Signature Only; 
 flags: 66049; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.24; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: ExchangeUserSignature; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 6; 
  
 cn: IPSECIntermediateOffline; 
 displayName: IPSec (Offline request); 
 flags: 66113; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.20; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: IPSECIntermediateOffline; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 7; 
  
 cn: IPSECIntermediateOnline; 
 displayName: IPSec; 
 flags: 66144; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.19; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: IPSECIntermediateOnline; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 8; 
  
 cn: KerberosAuthentication; 
 displayName: Kerberos Authentication; 
 flags: 65632; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.33; 
 msPKI-Certificate-Application-Policy (4): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.2.3.5; 
 msPKI-Certificate-Name-Flag: 138412032; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: KerberosAuthentication; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.17; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (4): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.2.3.5; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 110; 
  
 cn: KeyRecoveryAgent; 
 displayName: Key Recovery Agent; 
 flags: 65568; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.27; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.6; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 39; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: KeyRecoveryAgent; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.6; 
 pKIKeyUsage: 0x20 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 105; 
  
 cn: Machine; 
 displayName: Computer; 
 flags: 66144; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.14; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: Machine; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 5; 
  
 cn: MachineEnrollmentAgent; 
 displayName: Enrollment Agent (Computer); 
 flags: 66144; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.13; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: MachineEnrollmentAgent; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 5; 
  
 cn: OCSPResponseSigning; 
 displayName: OCSP Response Signing; 
 flags: 66112; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.32; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.9; 
 msPKI-Certificate-Name-Flag: 402653184; 
 msPKI-Enrollment-Flag: 4096; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Application-Policies: msPKI-Asymmetric-Algorithm`PZPWSTR`RSA`msPKI-Hash-Algorithm`PZPWSTR`SHA1`msPKI-Key-Security-Descriptor`PZPWSTR`D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GR;;;S-1-5-80-3804348527-3718992918-2141599610-3686422417-2726379419)`msPKI-Key-Usage`DWORD`2`; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 3; 
 name: OCSPResponseSigning; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x80 0x37 0xAE 0xFF 0xF4 0xFF 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.9; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0x2C 0xAB 0x6D 0xFE 0xFF 0xFF; 
 revision: 101; 
  
 cn: OfflineRouter; 
 displayName: Router (Offline request); 
 flags: 66113; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.21; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: OfflineRouter; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: RASAndIASServer; 
 displayName: RAS and IAS Server; 
 flags: 66144; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.31; 
 msPKI-Certificate-Application-Policy (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 msPKI-Certificate-Name-Flag: 1207959552; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: RASAndIASServer; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 101; 
  
 cn: SmartcardLogon; 
 displayName: Smartcard Logon; 
 flags: 66048; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.5; 
 msPKI-Certificate-Name-Flag: -2113929216; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 512; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SmartcardLogon; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.4.1.311.20.2.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 6; 
  
 cn: SmartcardUser; 
 displayName: Smartcard User; 
 flags: 66058; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.3; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 9; 
 msPKI-Minimal-Key-Size: 512; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SmartcardUser; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (3): 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 1.3.6.1.4.1.311.20.2.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 11; 
  
 cn: SubCA; 
 displayName: Subordinate Certification Authority; 
 flags: 66257; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.18; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 1024; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: SubCA; 
 pKICriticalExtensions (2): 2.5.29.15; 2.5.29.19; 
 pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; 
 pKIKeyUsage: 0x86 0x00; 
 pKIMaxIssuingDepth: -1; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 5; 
  
 cn: User; 
 displayName: User; 
 flags: 66106; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.1; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 41; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 16; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: User; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (3): 1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 3; 
  
 cn: UserSignature; 
 displayName: User Signature Only; 
 flags: 66082; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.2; 
 msPKI-Certificate-Name-Flag: -1509949440; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: UserSignature; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; 
 pKIDefaultKeySpec: 2; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0x80 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: WebServer; 
 displayName: Web Server; 
 flags: 66113; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.16; 
 msPKI-Certificate-Name-Flag: 1; 
 msPKI-Enrollment-Flag: 0; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 1; 
 msPKI-Template-Schema-Version: 1; 
 name: WebServer; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs (2): 2,Microsoft DH SChannel Cryptographic Provider; 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.1; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 4; 
  
 cn: Workstation; 
 displayName: Workstation Authentication; 
 flags: 66144; 
 msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.30; 
 msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.2; 
 msPKI-Certificate-Name-Flag: 134217728; 
 msPKI-Enrollment-Flag: 32; 
 msPKI-Minimal-Key-Size: 2048; 
 msPKI-Private-Key-Flag: 0; 
 msPKI-RA-Signature: 0; 
 msPKI-Template-Minor-Revision: 0; 
 msPKI-Template-Schema-Version: 2; 
 name: Workstation; 
 pKICriticalExtensions: 2.5.29.15; 
 pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; 
 pKIDefaultKeySpec: 1; 
 pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; 
 pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; 
 pKIKeyUsage: 0xA0 0x00; 
 pKIMaxIssuingDepth: 0; 
 pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; 
 revision: 101; 
  
Show: