When I connect to the MMC of the CA, under "certificate templates" it lists all of the current templates... it displays a few columns such as "template display name" and minnimum supported CA's, version... and it has a column called authenrollmentwhich either says the template is "now allowed" or "allowed" to autoenrol -- however when I look at the properties of these templates, specificallythe templates that say ALLOWED... under the security TAB the "auto-enrolment" is NOT ticked for ANY user account... so why does it say autoenrollmentis allowed, is this set somewhere else? OR -- is it because "enrol" is ticked?thanks guys Luke.

second question: when you first click on certificate templates, it lists some templates,when you click MANAGE it displays all of them, my question is -- the list BEFORE you click manage, is this the list of currently deployed certificates?because when i click manage it shows some templates as "auto-enrollment allowed" however when you go back to the first screen (not the manage screen)some of those certificates do not appear on the screen.god I hope i am making sense lolthanks guys,Luke.

Simple answers...1) Autoenrollment is only available for V2 or V3 templates. It basically states that you *could* implement autoenrollment \for these templates.2) The list of templates when you click the Certificate Templates container in the Certification Authority console is the list of available templates at *that* CA. When you choosed to add new templates, you now see all templates that are available for publication in the forest, that are *not* currently published at the current CA.Brian