Certificate Templates in Windows Server 2003

A template states what the certificate allows the holder to do, e.g. encrypt files or log on.

Windows Server 2003 comes with several different templates, which can be used to issue different certificates with different attributes. Templates greatly simplify the process of issuing certificates because they keep you from having to remember all the attributes that you may want to put into a certificate.

Here are the most common certificate templates and their respective purposes:

| Template Name | Usage | Used by |
|---|---|---|
| Administrator | Sign code; sign CTLs; secure e-mail; EFS; authenticate clients | Domain Administrators |
| Authenticated Session | Authenticate Clients | Network Clients |
| Basic EFS | Use Encrypting File System (EFS) | Standard Users |
| Code Signing | Sign code to prove its trustworthiness | Users who have the right to sign code |
| Computer | Authenticate to a server and vice versa | Domain Computers |
| Domain Controller | Authenticate servers to clients and vice versa | Active Directory Domain Controllers |
| EFS Recovery Agent | Recover encrypted files when the original key has been lost | Users who have recovery agent rights |
| Enrollment Agent | Request Certificates | Users who are allowed to request certificates |
| Smartcard Logon | Logon using a Smartcard | Users who log on using smartcards |
| Smartcard User | Authentication and Security | Users who log on and encrypt files with their smartcards |
| Subordinate Certification Authority | Issue and revoke certificates as a subordinate CA | Subordinate CAs |
| Trust List Signing | Sign the certificate trust list | Administrators who have authorization to modify the CTL |
| User | Authentication and encryption | Standard Users |
| User Signature Only | Sign e-mail and authentication messages | Standard users whom you wish to deny encryption abilities |