Configure Template Validity Period
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
If you are using an enterprise NAP certification authority (CA) to issue health certificates, you must allow Health registration Authority (HRA) to override the certificate validity period that is configured in the template.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
Configure template validity period override
Use the following procedure to allow the CA to issue the new health certificate template. This procedure applies to an enterprise NAP CA only.
To allow template validity period override
On the NAP CA, click Start, click Run, right-click Command Prompt, and then click Run as administrator.
In the command window, type Certutil.exe -setreg policy\EditFlags +EDITF_ATTRIBUTEENDDATE, and then press ENTER.
In the command window, type net stop certsvc && net start certsvc, and then press ENTER.
Verify that Active Directory Certificate Services (AD CS) stops and starts successfully.
See Also
Concepts
Create Health Certificate Templates
Configure an HRA Server for NAP