CAPolicy.inf syntax in Windows Server 2008 R2

The CAPolicy.inf in Windows Server 2008 R2 contains various settings that are used when installing the Active Directory Certification Service (ADCS) or when renewing the CA certificate. The CAPolicy.inf file is not required to install ADCS with the default settings, but in many cases the default settings are insufficient. The CAPolicy.inf can be used to […]

The CAPolicy.inf in Windows Server 2008 R2 contains various settings that are used when installing the Active Directory Certification Service (ADCS) or when renewing the CA certificate. The CAPolicy.inf file is not required to install ADCS with the default settings, but in many cases the default settings are insufficient. The CAPolicy.inf can be used to configure CAs in these more complicated deployments. Once you have created your CAPolicy.inf file, you must copy it into the %systemroot% folder (e.g., C:\Windows) of your server before you install ADCS or renew the CA certificate. CAPolicy.inf file uses .INF file structure to specify sections, settings, and values for those settings. This post describe all options and allow you to decide which settings meet your needs.