Hello! I've set up Active Directory Certificate Services on my domain running Windows Server 2008 R2, and have made copies of the 'Basic EFS' and 'EFS Recovery Agent' templates, and superseded them with the copies, since I want to use 4096-bit RSA and SHA256 instead of the defaults. The problem is, when I go to create a new EFS certificate on a client computer, the new template is ignored, and the CA follows the default template, resulting in a 2048-bit key. Is there any way to force the new template to be used? Thanks!

Hello, i suggest to post this into the security forum: http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi, Have you enabled the new certificate templates on the CA? Please refer to the "Publishing Certificate Templates" section at http://technet.microsoft.com/en-us/library/cc770794(WS.10).aspx Hope it helps. This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.