# DC Template
## AppConfig:ActiveDirectory:DC:Enabled
*Linux: AppConfig\_\_ActiveDirectory\_\_DC\_\_Enabled*
**Value:** *true* or *false* (default)
**Description:** This setting enabled the certificate template `KerberosAuthentication` targeted at Domain Controllers.
## AppConfig:ActiveDirectory:page.vars.cert\_template:TemplateName
*Linux: AppConfig\_\_ActiveDirectory\_\_*page.vars.cert\_template*\_\_TemplateName*
**Value:** Certificate template name
**Description:** This setting you to choose a custom template name for this certificate template. It is displayed when you manually enroll a certificate of that template. For maximum compatibility, choose a name witho only alphanumeric characters and no blanks.
## AppConfig:ActiveDirectory:page.vars.cert\_template:GroupFilter
*Linux: AppConfig\_\_ActiveDirectory\_\_*page.vars.cert\_template*\_\_GroupFilter*
**Value:** Comma-separated list of AD groups specified by their SID
**Description:** This setting allows to limit which Active Directory group members are allowed to enroll certificates for this certificate template. If configured, it overrides the general setting [AppConfig:ActiveDirectory:GroupFilter](#appconfig-activedirectory-groupfilter).
## AppConfig:ActiveDirectory:page.vars.cert\_template:Ksps
*Linux: AppConfig\_\_ActiveDirectory\_\_*page.vars.cert\_template*\_\_Ksps*
**Value:** Semicolon-separated list of CSPs/KSPs allowed for key generation
**Description:** You can define the key storage providers in which the certificates private key might be created in. If no value is specified, all KSPs are allowed to be used, and the client decides which KSP suites best. Valid values include:
* **Microsoft Platform Crypto Provider** - Stores the private key in the device's TPM.
* **Microsoft Passport Key Storage Provider**
* **Microsoft Software Key Storage Provider** - Stores the private key on the hard drive, secured with the machine key.
* **Microsoft Smart Card Key Storage Provider** - Stores the private key on a smart card.