1
00:00:07,290 --> 00:00:16,590
Certificate templates define how a certificate is requested and used such as for file encryption or

2
00:00:16,590 --> 00:00:17,700
email sign it.

3
00:00:18,360 --> 00:00:26,920
You configure templates on the CIA and the Active Directory Domain Services database stores them.

4
00:00:26,970 --> 00:00:33,850
There are several different versions of templates that correlate to their breeding system one they see

5
00:00:33,850 --> 00:00:44,100
a vendor a Server 2016 supports Version 4 templates and earlier template versions.

6
00:00:44,100 --> 00:00:52,350
The two types of certificate categories are certificate templates for users and certificate templates

7
00:00:52,350 --> 00:00:57,750
for computers you can use both the user and computer.

8
00:00:57,750 --> 00:01:07,890
Template 2 for multiple purpose you can assign permissions to certificate templates to define who can

9
00:01:07,890 --> 00:01:13,710
manage them and can perform enrollment or auto enrolment.

10
00:01:13,710 --> 00:01:23,340
You also can update certificate templates by modifying their original certificate template coping template

11
00:01:23,430 --> 00:01:28,370
or superseding existing certificate templates.

12
00:01:28,630 --> 00:01:34,950
And this section you'll learn how to manage and deploy certificate templates.

13
00:01:35,070 --> 00:01:42,630
Now after completing this section you'll be able to describe certificates and certificate templates

14
00:01:43,050 --> 00:01:49,080
describe certificate template versions and Windows Server 2016.

15
00:01:49,080 --> 00:01:54,110
Describe how to configure certificate template permissions.

16
00:01:54,120 --> 00:01:58,570
Describe how to configure certificate template settings.

17
00:01:58,770 --> 00:02:03,120
Describe options for updating a certificate template.

18
00:02:03,750 --> 00:02:13,050
And you'll be able to modify and enable a certificate template but before we start this section as usual

19
00:02:13,050 --> 00:02:22,020
let's answer some reassessment questions to find out whether you should learn whether you should proceed

20
00:02:22,290 --> 00:02:24,320
with this information.

21
00:02:24,450 --> 00:02:32,490
So question 1 which of the following statements are true regarding Version 2 certificate templates in

22
00:02:32,710 --> 00:02:34,330
a DCF.

23
00:02:34,650 --> 00:02:44,010
Option 1 version 2 templates support auto enrolment Option 2 You can only modify the security tap on

24
00:02:44,010 --> 00:02:53,420
a version to template options 3 you can upgrade to a version 2 template by duplicate and a version one

25
00:02:53,430 --> 00:02:59,050
template option for only Windows Server 2008.

26
00:02:59,160 --> 00:03:08,460
Windows Vista and later operating systems support Version 2 templates and 2 option 5 only Windows Server

27
00:03:08,490 --> 00:03:09,900
2012.

28
00:03:10,050 --> 00:03:20,600
Windows 8 and later operating systems support 2 Version 2 templates rest pause here and so on.

29
00:03:20,590 --> 00:03:27,160
Think about the correct answer and the answer is Option 1 and option 3.

30
00:03:28,240 --> 00:03:35,770
One important aspect of Version 2 templates is that they support auto enrolment by Active Directory

31
00:03:35,800 --> 00:03:39,560
Domain Services Users and Computers.

32
00:03:39,690 --> 00:03:47,890
Unlike version 1 templates you can modify all aspects of a version to template to a greater version

33
00:03:47,890 --> 00:03:56,950
to a template you can duplicate version one template Version 2 templates are supported on Windows Server

34
00:03:56,950 --> 00:04:00,190
2003 Enterprise Edition.

35
00:04:00,190 --> 00:04:10,960
Windows Server 2008 enterprise and Windows Server 2008 are two and later now the second question.

36
00:04:11,240 --> 00:04:16,750
You are the ADC yes administrator for a datum Corporation.

37
00:04:16,950 --> 00:04:24,300
Several users in your D s and Wirawan have auto enrolled to user a certificate.

38
00:04:24,300 --> 00:04:33,150
You want to shorten the related to period of user certificate and need to ensure that users get a new

39
00:04:33,150 --> 00:04:42,220
certificate immediately as our experience in any break in validity of the existence certificate ritual

40
00:04:42,290 --> 00:04:50,430
the folder and actions should you take option one duplicate the existing template and provide a new

41
00:04:50,430 --> 00:04:59,520
template name modify their validity period of the new template option to modify their validity period

42
00:04:59,760 --> 00:05:01,910
of the existing template.

43
00:05:01,980 --> 00:05:12,060
Option 3 modify the auto enrolment settings of the existing template option for revoke all user certificates

44
00:05:12,390 --> 00:05:21,060
issued from the existing template and the final option modify their new template so that it supersedes

45
00:05:21,390 --> 00:05:25,050
the existing template and publish the new template.

46
00:05:26,170 --> 00:05:34,720
Stop here and think about the answers and the answer is option 1 option 4 and Option 5.

47
00:05:35,590 --> 00:05:42,880
In this situation you should duplicate the existing template providing a new template name and validity

48
00:05:42,880 --> 00:05:44,010
period.

49
00:05:44,020 --> 00:05:51,340
In addition you should update the new template so that it supersedes the previous template.

50
00:05:51,610 --> 00:05:59,740
After you publish the new template turn enterprise C users who had auto enrolled against the previous

51
00:05:59,740 --> 00:06:07,480
template will auto enroll again for the new template once new certificates with the correct validity

52
00:06:07,480 --> 00:06:12,890
period have replaced the previously issued certificates.

53
00:06:12,910 --> 00:06:21,790
You should revoke all user a certificate from the existing template so that users can not use them.

54
00:06:21,790 --> 00:06:29,770
If you modify their validity period of the existing template new auto enrolment against the template

55
00:06:30,400 --> 00:06:38,770
will have the correct sentence but previously issued certificates will still contain the undesired validity

56
00:06:38,770 --> 00:06:39,900
period.

57
00:06:39,940 --> 00:06:47,080
Modify the auto enrolment sentence on the existing template is not necessary and would not achieve the

58
00:06:47,080 --> 00:06:48,280
desired effect.

59
00:06:50,170 --> 00:06:58,970
No next stop will be talking about what are of certificates and certificates certificate templates.

60
00:06:58,990 --> 00:06:59,970
I'll see you there.