Tuesday, March 19, 2013 9:22 PM
I am building an enterprise sub CA and using the CAconfig.inf with the option (LoadDefaultTemplates=0). I placed the file to C:\windows directory. After the CA is built, I noticed default templates were loaded into the Certificate Templates folder using Certification Authority snap-in. Is there a proper way to unload these templates from this CA? There is a delete option when I right click on each template in the Certificate Templates folder à Certification Authority snap-in, I just want to make sure this delete option won’t affect the actual templates published in Active Directory.
Wednesday, March 20, 2013 1:52 AM
A couple of things.
The file is named CAPolicy.inf, so that is why the default templates still loaded.
You are safe removing the certificate templates from the Certification Authority console. This simply prevents them from being available for enrollment at that specific CA. The dangerous move is deleting them from the Certificate Templates console (certtmpl.msc)