locked
Unload CA default Templates RRS feed

  • Question

  • I am building an enterprise sub CA and using the CAconfig.inf with the option (LoadDefaultTemplates=0). I placed the file to C:\windows directory. After the CA is built, I noticed default templates were loaded into the Certificate Templates folder using Certification Authority snap-in. Is there a proper way to unload these templates from this CA? There is a delete option when I right click on each template in the Certificate Templates folder à Certification Authority snap-in, I just want to make sure this delete option won’t affect the actual templates published in Active Directory.

    Thanks,

    Tuesday, March 19, 2013 9:22 PM

Answers

  • A couple of things.

    The file is named CAPolicy.inf, so that is why the default templates still loaded.

    You are safe removing the certificate templates from the Certification Authority console. This simply prevents them from being available for enrollment at that specific CA. The dangerous move is deleting them from the Certificate Templates console (certtmpl.msc)

    Brian

    • Proposed as answer by Vadims PodansMVP Wednesday, March 20, 2013 9:41 AM
    • Marked as answer by 朱鸿文 Friday, March 29, 2013 6:14 AM
    Wednesday, March 20, 2013 1:52 AM