Thank you for the lab (up to part 6 its all working fine)
Great to hear it !
Just a short question: how can I add templates? My PaloAlto FW needs the Subordinate Certification Authority template for inspecting network traffic. It is only with "new - certificate template to issue"? (This sounds too easy 🙂 )
in Certsrv.msc on the IssuingCA right click on Certificate Templates, and choose Manage, you can then select a known Certificate Template (for example Workstation Authentication) that matches what is required for your FW, check the documentation of the FW to see exactly what type of certificate it requires and duplicate it by chgoosing Duplicate Template
then rename it to your needs and adjust it to suit the FW requirements
and as for your other question, see this answer from Technet.
According to https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/prepare-the-capolicy-inf-file the LoadDefaultTemplate flag only applies to an enterprise CA.
My assumption is that if you set up a standalone, the templates will be loaded nevertheless.
LoadDefaultTemplates only applies during the install of an Enterprise CA. This setting, either True or False (or 1 or 0), dictates if the CA is configured with any of the default templates.