Leaderboard

Thanks for the link, and the lab is definitely very useful and better than some other ones I've seen. I'll go through it some more. It seems like there's very little info on this specific aspect available on the internet regarding CApolicy.inf. I'm probably overthinking it but don't want to get it wrong. In other examples like Brian Komars book I see he adds more info under [certsrv_server] like "CRLPeriod", "CRLPeriodUnits", etc. and was wondering if there was a reason they were excluded on yours, if they are no longer needed or are set elsewhere, or if it's just due to it being a lab environment and those are the bare minimum settings needed for CAPolicy.inf EDIT: Just so other people who have the same question, I was able to find out that the only thing the CApolicy is needed for is to overwrite the few parameters that otherwise can't be configured via Powershell/GUI. So you're probably going to find a whole array of CApolicy files that are all technically correct, production-quality, they just contain varying levels of detail, and it's actually better to set them using CERTUTIL instead of defining them in the CAPolicy.inf file.