Best Practices for Certificate Template Design

When designing certificate templates, the following best practices should be employed:

■ Determine whether a default version 1 or version 2 certificate template meets your business goals. A default template does not require any modifications other than permission assignments.

■ If you need to change settings in a certificate template other than permissions, duplicate a template that is closest to the required template. This minimizes the number of changes required.

■ If you replace an existing certificate template with an updated template, ensure that you add the previous template to the Superseded Templates tab.

■ To enroll a certificate, a user or computer must be assigned Read and Enroll permissions, either directly or through group membership.

■ To enroll a certificate with autoenrollment, a user or computer must be assigned Read, Enroll, and Autoenroll permissions.

■ To modify a certificate template, a user must be assigned Write permissions.

■ Determine whether you should deploy fewer certificates with multiple purposes or many certificates with specific purposes. The decision is based on the purposes you require and whether you foresee removing a purpose from a certificate holder.
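The permission rules in the list above can be checked against a template's security descriptor. The following is an added example, not code from the original text: it parses a constructed SDDL string and reports whether a principal can enroll, autoenroll, or modify the template, directly or through group membership. The account names, the group SID, and the membership table are constructed, and the mapping of SDDL rights codes to Read and Write is a simplifying assumption.

```python
import re

# Extended-right GUIDs that AD CS uses for the Enroll and Autoenroll permissions.
ENROLL = "0e10c968-78fb-11d2-90d4-00c04f79dc55"
AUTOENROLL = "a05b8cc2-17bc-4802-a710-e7c15ab866a2"
ACE_RE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);([^;()]*);([^;()]*);([^;()]*)\)")

# Constructed sample DACL: AU = Authenticated Users, DU = Domain Users,
# DA = Domain Admins, S-1-5-21-1-2-3-1105 = a made-up "Laptops" group.
SDDL = ("D:(A;;LCRPLORC;;;AU)"
        f"(OA;;CR;{ENROLL};;DU)"
        f"(OA;;CR;{AUTOENROLL};;S-1-5-21-1-2-3-1105)"
        "(A;;RPWPWDWO;;;DA)")
# Constructed direct memberships (principal or group -> groups it belongs to).
MEMBER_OF = {"alice": ["DU", "AU"], "bob": ["DA", "DU", "AU"],
             "LAPTOP01$": ["S-1-5-21-1-2-3-1105", "AU"]}

def ace_grants(rights, guid):
    """Map one ACE to the permission names used in the list above.
    Assumption: two-letter rights codes only (no hex masks); whole-object
    RP counts as Read and WP/WD/WO as Write."""
    codes, guid, out = set(re.findall("..", rights)), guid.lower(), set()
    if not guid and codes & {"RP", "GR", "GA"}:
        out.add("Read")
    if not guid and codes & {"WP", "WD", "WO", "GW", "GA"}:
        out.add("Write")
    for name, right in (("Enroll", ENROLL), ("Autoenroll", AUTOENROLL)):
        # CR with no GUID means every extended right on the object.
        if "GA" in codes or ("CR" in codes and guid in ("", right)):
            out.add(name)
    return out

def effective(sddl, principal, member_of):
    """Permissions held directly or through nested groups. Deny ACEs are
    subtracted from allows, a simplification of Windows ACE ordering."""
    sids, todo = set(), [principal]
    while todo:
        sid = todo.pop()
        if sid not in sids:
            sids.add(sid)
            todo.extend(member_of.get(sid, ()))
    allow, deny = set(), set()
    for typ, _flags, rights, guid, _iguid, sid in ACE_RE.findall(sddl):
        if sid in sids and typ in ("A", "OA", "D", "OD"):
            (allow if typ in ("A", "OA") else deny).update(ace_grants(rights, guid))
    return allow - deny

def can(perms):
    """Apply the rules: Read+Enroll, Read+Enroll+Autoenroll, Write."""
    return {"enroll": {"Read", "Enroll"} <= perms,
            "autoenroll": {"Read", "Enroll", "Autoenroll"} <= perms,
            "modify": "Write" in perms}
```

In the sample, LAPTOP01$ holds Read and Autoenroll but not Enroll, so `can()` reports that it cannot autoenroll, which is the kind of incomplete assignment this check is meant to surface.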

