4.1.1.2 GetPoliciesResponse Response

 <s:Envelope
   xmlns:a="http://www.w3.org/2005/08/addressing"
   xmlns:s="http://www.w3.org/2003/05/soap-envelope">
   <s:Header>
     <a:Action s:mustUnderstand="1">
 http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPoliciesResponse
     </a:Action>
   </s:Header>
   <s:Body
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <GetPoliciesResponse   xmlns="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy">
       <response>
         <policyID>{083C7011-1D0A-4855-885D-AC945184658C}</policyID>
         <policyFriendlyName>Contoso Enrollment Policy</policyFriendlyName>
         <nextUpdateHours>8</nextUpdateHours>
         <policiesNotChanged xsi:nil="true"/>
         <policies>
           <policy>
             <policyOIDReference>9</policyOIDReference>
             <cAs>
               <cAReference>0</cAReference>
             </cAs>
             <attributes>
               <commonName>EFS</commonName>
               <policySchema>1</policySchema>
               <certificateValidity>
                 <validityPeriodSeconds>31536000</validityPeriodSeconds>
                 <renewalPeriodSeconds>3628800</renewalPeriodSeconds>
               </certificateValidity>
               <permission>
                 <enroll>true</enroll>
                 <autoEnroll>false</autoEnroll>
               </permission>
               <privateKeyAttributes>
                 <minimalKeyLength>2048</minimalKeyLength>
                 <keySpec>1</keySpec>
                 <keyUsageProperty xsi:nil="true"/>
                 <permissions xsi:nil="true"/>
                 <algorithmOIDReferencexsi:nil="true"/>
                 <cryptoProviders>
                   <provider>
                     Microsoft Enhanced Cryptographic Provider v1.0</provider>
                   <provider>
                     Microsoft Base Cryptographic Provider v1.0</provider>
                 </cryptoProviders>
               </privateKeyAttributes>
               <revision>
                 <majorRevision>3</majorRevision>
                 <minorRevision>1</minorRevision>
               </revision>
               <supersededPolicies xsi:nil="true"/>
               <privateKeyFlags nil="true"/>                           
               <subjectNameFlags nil="true/>
               <enrollmentFlags nil="true"/>
               <generalFlags nil="true"/>
               <hashAlgorithmOIDReference xsi:nil="true"></hashAlgorithmOIDReference>
               <rARequirements xsi:nil="true"/>
               <keyArchivalAttributes xsi:nil="true"/>
               <extensions>
                 <extension>
                   <oIDReference>5</oIDReference>
                   <critical>false</critical>
                   <value></value>
                 </extension>
                 <extension>
                   <oIDReference>6</oIDReference>
                   <critical>false</critical>
                   <value>
                     MCAGCCsGAQUFBwMCB…YBBAGCNwoDBA==
                   </value>
                 </extension>
                 <extension>
                   <oIDReference>7</oIDReference>
                   <critical>true</critical>
                   <value>
                     AwIFoA==
                   </value>
                 </extension>
               </extensions>
             </attributes>
           </policy>                    
         </policies>
       </response>
       <cAs>
         <cA>
           <uris>
             <cAURI>
               <clientAuthentication>8</clientAuthentication>
               <uri>https://9-1351c1223a.dom9-1351c1223a.nttest.microsoft.com/EntRootCA_CES_Certificate/service.svc/CES</uri>
               <priority>1</priority>
               <renewalOnly>false</renewalOnly>
             </cAURI>
             <cAURI>
               <clientAuthentication>4</clientAuthentication>
               <uri>https://9-1351c1223a.dom9-1351c1223a.nttest.microsoft.com/EntRootCA_CES_UsernamePassword/service.svc/CES</uri>
               <priority>1</priority>
               <renewalOnly>false</renewalOnly>
             </cAURI>
             <cAURI>
               <clientAuthentication>2</clientAuthentication>
               <uri>https://9-1351c1223a.dom9-1351c1223a.nttest.microsoft.com/EntRootCA_CES_Kerberos/service.svc/CES</uri>
               <priority>1</priority>
               <renewalOnly>false</renewalOnly>
             </cAURI>
           </uris>
           <certificate>
             MIID4TCCAsmgAwI…Cz1HRi2TpCY3OlJLUPG/+Nw==
           </certificate>
           <enrollPermission>true</enrollPermission>
           <cAReferenceID>0</cAReferenceID>
         </cA>
       </cAs>
       <oIDs>                  
         <oID>
           <value>1.3.6.1.4.1.311.20.2</value>
           <group>6</group>
           <oIDReferenceID>5</oIDReferenceID>
           <defaultName>Certificate Template Name</defaultName>
         </oID>
         <oID>
           <value>2.5.29.37</value>
           <group>6</group>
           <oIDReferenceID>6</oIDReferenceID>
           <defaultName>Enhanced Key Usage</defaultName>
         </oID>
         <oID>
           <value>2.5.29.15</value>
           <group>6</group>
           <oIDReferenceID>7</oIDReferenceID>
           <defaultName>Key Usage</defaultName>
         </oID>
         <oID>
           <value>
        1.3.6.1.4.1.311.21.8.3800100.3166153.13323660.9808540.8334961.78.1.6
           </value>
           <group>9</group>
           <oIDReferenceID>9</oIDReferenceID>
           <defaultName>Basic EFS</defaultName>
         </oID>                  
       </oIDs>
     </GetPoliciesResponse>
   </s:Body>
 </s:Envelope>