In Microsoft Exchange 2000 Server, you had to manually add the certificate templates of Enrollment Agent (Computer), Exchange User, and Exchange Signature Only certificates before installing Key Management Server (KMS). In Exchange Server 2003, KMS is no longer used and the Users certificate that is installed by default has the following functions:
Encrypting File System
Secure E-Mail (both signature and encryption)
Client Authentication
Because the “generic” Users certificate now bundles these functions into a single certificate, the default installation of Certificate Services in Windows Server 2003 should meet most of your users’ needs.
However, at some point you might need to install additional certificate templates to issue certificates for other needs. You can easily accomplish this in the CA snap-in. To add another certificate template to those already there by default, right-click the Certificate Template folder in the Certification Authority snap-in, point to New, and select Certificate Template To Issue. The dialog box shown in Figure 25-31 appears.
Figure 25-31: Choosing a certificate template.
In this dialog box, you can choose, by default, from the following templates:
Authenticated Session
CEP Encryption
Code Signing
Enrollment Agent
Exchange Enrollment Agent (offline request)
Enrollment Agent (Computer)
Exchange Signature Only
Exchange User
IPSec
IPSec (offline)
Router (offline)
Smartcard Logon
Smartcard User
Trust List Signing
User Signature Only
These are default certificate templates installed with Certificate Services:
EFS Recovery Agent
Basic EFS
Domain Controller
Web Server
Computer
User
Subordinate Certification Authority
Administrator