Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md

Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md

@@ -6,11 +6,17 @@ This document outlines the Microsoft-recommended best practices for deploying a
 
     In this case, `LAB-CA-01` is the Root CA, while `LAB-CA-02` is the Intermediary/Subordinate CA.  You can add more than one subordinate CA if you desire redundancy in your environment.
 
+!!! note "Assumptions"
+    It is assumed that you understand how to set up a Windows Server 2022/2025 bare-metal or as a VM.  You should give it at least 4GB of RAM.  It is also assumed that you will [change the edition of Windows Server from "*Evaluation*" to a "*Standard*"](https://docs.bunny-lab.io/Workflows/Windows/Change%20Windows%20Edition/) via DISM.  Fully updating the server prior to beginning is also advised.  Lastly, ensure the timezone is correctly configured.
 
-2. Offline Root CA Setup
+### Offline Root CA `LAB-CA-01` Setup
-Steps:
+- Provision, change edition, and activate a non-domain-joined Windows Server 2022 machine
-1. Provision a non-domain-joined, isolated Windows Server.
+- Navigate to "**Server Manager > Manage > Add Roles and Features**"
-2. Install AD CS role as a Standalone Root CA.
+    - Check "**Active Directory Certificate Services**"
+        - When prompted to confirm, click the "**Add Features**" button
+        - Ensure the "**Include management tools (if applicable)**" checkbox is checked.
+    - 
+Install AD CS role as a Standalone Root CA.
 3. Use RSA 4096-bit key, SHA-256, 10-year validity.
 4. Configure AIA and CDP extensions with HTTP paths.
 5. Publish root cert and CRL to AD and internal HTTP.