A template states what the certificate allows the holder to do, e.g. encrypt files or log on.
Windows Server 2003 comes with several different templates, which can be used to issue different certificates with different attributes. Templates greatly simplify the process of issuing certificates because they keep you from having to remember all the attributes that you may want to put into a certificate.
Here are the most common certificate templates and their respective purposes:
| Template Name | Usage | Used by |
| --- | --- | --- |
| Administrator | Sign code; sign CTLs; secure e-mail; EFS; authenticate clients | Domain Administrators |
| Authenticated Session | Authenticate clients | Network clients |
| Basic EFS | Use Encrypting File System (EFS) | Standard users |
| Code Signing | Sign code to prove its trustworthiness | Users who have the right to sign code |
| Computer | Authenticate to a server and vice versa | Domain computers |
| Domain Controller | Authenticate servers to clients and vice versa | Active Directory domain controllers |
| EFS Recovery Agent | Recover encrypted files when the original key has been lost | Users who have recovery agent rights |
| Enrollment Agent | Request certificates | Users who are allowed to request certificates |
| Smartcard Logon | Log on using a smart card | Users who log on using smart cards |
| Smartcard User | Authentication and security | Users who log on and encrypt files with their smart cards |
| Subordinate Certification Authority | Issue and revoke certificates as a subordinate CA | Subordinate CAs |
| Trust List Signing | Sign the certificate trust list | Administrators who have authorization to modify the CTL |
| User | Authentication and encryption | Standard users |
| User Signature Only | Sign e-mail and authentication messages | Standard users whom you wish to deny encryption abilities |