:: Create a folder in the C: drive root. This folder will be used to store CA files.
md C:\CertData

:: Set CRL and CA certificate files publishing locations and extension publishing options.
certutil -setreg CA\CRLPublicationURLs "65:%windir%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n65:C:\CertData\{Adatum}_RCA%%8.crl\n2:http://www.{adatum.com}/pki/{Adatum}_RCA%%8.crl"
certutil -setreg CA\CACertPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://www.{adatum.com}/pki/{Adatum}_RCA%%4.crt"

:: If Root CA will issue OCSP signing certificate enable appropriate flags.
:: certutil -setreg CA\CACertPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://www.{adatum.com}/pki/{Adatum}_RCA%%4.crt\n32:http://www.{adatum.com}/ocsp"
:: Note that if OCSP is used for Root CA uncomment previous line and comment by double colon corresponding
:: line above (certutil -setreg CA\CACertPublicationURLs <...>)

:: As long as we cannot manage CRT file publishing locations
:: we rename original name to desired and copy it to CertData folder
ren %windir%\system32\CertSrv\CertEnroll\*.crt {Adatum}_RCA.crt
copy %windir%\system32\CertSrv\CertEnroll\{Adatum}_RCA.crt C:\CertData

:: Set issued certificate maximum validity period to 10 years
certutil -setreg CA\ValidityPeriodUnits 10
certutil -setreg CA\ValidityPeriod "Years"

:: set CRL publication periods as defined in CAPolicy.inf
certutil -setreg CA\CRLPeriodUnits 90
certutil -setreg CA\CRLPeriod "Days"
certutil -setreg CA\CRLDeltaPeriodUnits 0
certutil -setreg CA\CRLDeltaPeriod "Days"
certutil -setreg CA\CRLOverlapPeriod "Weeks"
certutil -setreg CA\CRLOverlapUnits 2

:: enable AlternateSignatureAlgorithm extensions
Certutil -setreg CA\csp\AlternateSignatureAlgorithm 1

:: enable CA server full audit
certutil -setreg CA\AuditFilter 127

:: Enable OCSP Response Signing certificate support on Root CA.
certutil -v -setreg policy\editflags +EDITF_ENABLEOCSPREVNOCHECK

net stop certsvc && net start certsvc

:: Publish new CRLs.
certutil -CRL