Step 2
Use the following to configure the template:
General:
Specify a Template display name, for example WHfB Certificate Authentication.
Make sure Publish Certificate In Active Directory is selected.
Request Handling:
Uncheck the Allow private key to be exported option.
Uncheck Include Symmetric Algorithm allowed by the subject option.
Extensions:
Select Application Policies and Edit.
Select Secure Email and press Remove
Select Encrypting File Systems and press Remove.
Security:
Add the security group that you want to give Enroll and Auto Enroll access to. For example, if you want to give access to all users, select the Authenticated users group, and then select Enroll and Auto Enroll permissions for them.
Select Apply and OK to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates
Close the Certificate Templates console.
