
handling certificate template using PowerShell


Hi,

I'm using the following script in order to create a certificate template. It is working, but there are some points that I'm failing to handle:

1) After creating the new certificate template using the script, I opened the Extensions tab and tried to click Edit, but the button doesn't respond and nothing opens. Can you please explain this behaviour to me? By the way, by creating the certificate template manually, clicking the Edit button opens a window.

2) Regarding the Security:

  • How can I remove a group by <group name>?
  • How can I change the authorizations (Allow) of an existing group (for example, I need to allow ONLY Read and Write on the Enterprise Admins group)?

 

My Script:

$ConfigContext = ([ADSI]"LDAP://RootDSE").ConfigurationNamingContext
$ADSI = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigContext"

$NewTempl = $ADSI.Create("pKICertificateTemplate", "CN=SystemHealthAuthentication6")
$NewTempl.put("distinguishedName","CN=SystemHealthAuthentication6,CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigContext")
# and put other attributes that you need

$NewTempl.put("flags","131680")
$NewTempl.put("displayName","System Health Authentication6")
$NewTempl.put("revision","100")
$NewTempl.put("pKIDefaultKeySpec","1")
$NewTempl.SetInfo()

$NewTempl.put("pKIMaxIssuingDepth","0")
$NewTempl.put("pKICriticalExtensions","2.5.29.15")
$NewTempl.put("pKIExtendedKeyUsage","1.3.6.1.4.1.311.47.1.1, 1.3.6.1.5.5.7.3.2")
$NewTempl.put("pKIDefaultCSPs","1,Microsoft RSA SChannel Cryptographic Provider")
$NewTempl.put("msPKI-RA-Signature","0")
$NewTempl.put("msPKI-Enrollment-Flag","32")
$NewTempl.put("msPKI-Private-Key-Flag","67371264")
$NewTempl.put("msPKI-Certificate-Name-Flag","134217728")
$NewTempl.put("msPKI-Minimal-Key-Size","2048")
$NewTempl.put("msPKI-Template-Schema-Version","4")
$NewTempl.put("msPKI-Template-Minor-Revision","0")
$NewTempl.put("msPKI-Cert-Template-OID","1.3.6.1.4.1.311.21.8.7638725.13898300.1985460.3383425.7519116.119.16408497.1716293")
$NewTempl.put("msPKI-Certificate-Application-Policy","1.3.6.1.4.1.311.47.1.1, 1.3.6.1.5.5.7.3.2")

$NewTempl.SetInfo()

$WATempl = $ADSI.psbase.children | where {$_.displayName -match "Workstation Authentication"}

#before
$NewTempl.pKIKeyUsage = $WATempl.pKIKeyUsage
$NewTempl.pKIExpirationPeriod = $WATempl.pKIExpirationPeriod
$NewTempl.pKIOverlapPeriod = $WATempl.pKIOverlapPeriod
$NewTempl.SetInfo()

 

Please, I need your help,

Regards,

Bader
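
For the Security questions in point 2, one way to edit the template object's DACL through ADSI, given as an added example that is not part of the original post. The domain name CONTOSO and the group "Old PKI Operators" are placeholders, and mapping the GUI's Read and Write to GenericRead and GenericWrite is an assumption.

```powershell
# Added example (not the poster's code): adjust the DACL on the template object.
# Placeholders/assumptions: CONTOSO, "Old PKI Operators", and the Read/Write
# mapping to GenericRead/GenericWrite. Run as an account that may edit the template.

$ConfigContext = ([ADSI]"LDAP://RootDSE").ConfigurationNamingContext
$Templ = [ADSI]"LDAP://CN=SystemHealthAuthentication6,CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigContext"

# Read and write only the DACL, not the owner or SACL
$Templ.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Dacl
$Acl = $Templ.psbase.ObjectSecurity

# Translate DOMAIN\Name to a SID so the rules do not depend on name resolution later
function Resolve-Sid([string]$Name) {
    ([System.Security.Principal.NTAccount]$Name).Translate(
        [System.Security.Principal.SecurityIdentifier])
}

# Remove a group by name: drops every explicit ACE for that identity.
# Inherited ACEs are not affected by PurgeAccessRules.
$Acl.PurgeAccessRules((Resolve-Sid 'CONTOSO\Old PKI Operators'))

# Allow ONLY Read and Write for Enterprise Admins:
# purge its explicit ACEs (including Enroll), then add a single Allow ACE.
$EA = Resolve-Sid 'CONTOSO\Enterprise Admins'
$Acl.PurgeAccessRules($EA)

$Rights = [System.DirectoryServices.ActiveDirectoryRights]'GenericRead, GenericWrite'
$Rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $EA, $Rights, [System.Security.AccessControl.AccessControlType]::Allow)
$Acl.AddAccessRule($Rule)

# Write the modified security descriptor back to the directory
$Templ.psbase.CommitChanges()

# Review the result: who holds which rights, and whether each ACE is inherited
$Acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
    Sort-Object IdentityReference |
    Format-Table IdentityReference, AccessControlType, ActiveDirectoryRights, IsInherited -AutoSize
```

Reviewing the final table is worth doing after every change, since any remaining principal with write access to a template can alter what certificates it issues.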

