From 20728c5ad337b5df8e2f97fc27901b2846090236 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Sun, 10 Dec 2023 09:34:53 -0500
Subject: [PATCH] Update certificate template configuration in RDP sign-in2.md
---
.../identity-protection/hello-for-business/rdp-sign-in2.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/identity-protection/hello-for-business/rdp-sign-in2.md b/windows/security/identity-protection/hello-for-business/rdp-sign-in2.md
index 5979c0db85..50a810b7bf 100644
--- a/windows/security/identity-protection/hello-for-business/rdp-sign-in2.md
+++ b/windows/security/identity-protection/hello-for-business/rdp-sign-in2.md
@@ -69,7 +69,7 @@ The certificate template configuration is different depending on whether you dep
| Tab Name | Configurations |
| --- | --- |
| *Compatibility* | - Clear the **Show resulting changes** check box
- Select **Windows Server 2012 or Windows Server 2012 R2** from the *Certification Authority list*
- Select **Windows Server 2012 or Windows Server 2012 R2** from the *Certification Recipient list*
|
- | *General* | - Specify a **Template display name**, for example *WHfB Certificate Authentication*
- Set the validity period to the desired value
|
+ | *General* | - Specify a **Template display name**, for example *WHfB Certificate Authentication*
- Set the validity period to the desired value
- Take note of the template name for later, which should be the same as the Template display name minus spaces (*WHfBCertificateAuthentication* in this example)
|
| *Extensions* | Verify the **Application Policies** extension includes **Smart Card Logon**.|
| *Subject Name* | Select **Supply in the request**.|
|*Request Handling*|- Set the Purpose to **Signature and smartcard logon** and select **Yes** when prompted to change the certificate purpose
- Select the **Renew with same key** check box
- Select **Prompt the user during enrollment**
**Note:** If you deploy certificates with a PKCS profile, select the option **Allow private key to be exported**|
@@ -91,7 +91,7 @@ The certificate template configuration is different depending on whether you dep
| Tab Name | Configurations |
| --- | --- |
| *Compatibility* | - Clear the **Show resulting changes** check box
- Select **Windows Server 2012 or Windows Server 2012 R2** from the *Certification Authority list*
- Select **Windows Server 2012 or Windows Server 2012 R2** from the *Certification Recipient list*
|
- | *General* | - Specify a **Template display name**, for example *WHfB Certificate Authentication*
- Set the validity period to the desired value
- Take note of the Template name for later, which should be the same as the Template display name minus spaces (*WHfBCertificateAuthentication* in this example)
|
+ | *General* | - Specify a **Template display name**, for example *WHfB Certificate Authentication*
- Set the validity period to the desired value
- Take note of the template name for later, which should be the same as the Template display name minus spaces (*WHfBCertificateAuthentication* in this example)
|
| *Extensions* | Verify the **Application Policies** extension includes **Smart Card Logon**|
| *Subject Name* | - Select the **Build from this Active Directory** information button if it isn't already selected
- Select **Fully distinguished name** from the **Subject name format** list if Fully distinguished name isn't already selected
- Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**
|
|*Request Handling*|- Set the Purpose to **Signature and smartcard logon** and select **Yes** when prompted to change the certificate purpose
- Select the **Renew with same key** check box
- Select **Prompt the user during enrollment**
|