Re: Enterprise CA options greyed out.



Brian,

I'm not doubting you, I just don't see where. But I think I know how, so
please confirm. I built a new AD, created a new user account and placed it
into Domain Admins. Confirmed that Domain Admins or this user is not a
member of Enterprise Admins. However, the Domain Admins and the Enterprise
Admins are both members of the Administrators group. I assume this is where
the access is coming from, right? Say yes and I'll accept it :)

"Brian Komar (MVP)" wrote:

Sigh...
The account you used was in the Enterprise Admins group. End of story.
How many domains in your forest? My guess is one.
Brian

"Gunna" <Gunna@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4FC918AB-8D77-4AB7-B879-301CCC6355B7@xxxxxxxxxxxxxxxx
Brian,

Found some conflicting things. Firstly, as you have already said, you need to
be an Enterprise Admin to install an Enterprise Root CA, and if you refer to
this article http://technet.microsoft.com/en-us/library/cc776709.aspx it says
the same.

However,

I just built a new environment. Standard Server 2003 SP2 domain controller
and a Standard Server 2003 SP2 for my Root CA. I logged onto the 2nd machine
as a user with local admin to the second server only (only domain membership
was Domain Users) and tried to install PKI, and sure enough I only got the
Standalone options. I stopped the install and then logged on using an
account I created and placed only in the Domain Users and Domain Admins
groups. Then started to install Certificate Services and I got both the
Enterprise and Standalone options. I then installed it completely as
Enterprise Root CA as a Domain Admin only, with no visible errors or issues.
So what is the Enterprise Admin requirement for?

"Brian Komar (MVP)" wrote:

Gunna,
In your test environment, the account is a member of the Enterprise Admins
group (either directly or through a group nesting).
- You can run an enterprise CA on the Standard, Enterprise, or Data Center
edition SKUs
- To get full functionality, you need to run on Enterprise or Data Center
SKUs
Full Functionality includes: issue certs on V2 cert templates, Key archival,
Brian

"Gunna" <Gunna@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6F2DAA82-E6F9-41E6-B38B-0F5660C14C94@xxxxxxxxxxxxxxxx
Thanks Paul, but I'm afraid I am just more confused. Can you answer a question
for me, because I read conflicting things. You can or cannot run Enterprise
CA or Enterprise Sub on Standard edition? What's the difference between
running Enterprise on a Standard server versus an Enterprise edition server?

And further to my original post. I am logged onto the member server as a
member of the Domain Admin group only, but I can see the option to select
Enterprise Root or Enterprise Sub. Could I be seeing it because the Domain
Admins group is a member of the Administrators group in Active Directory?


"Paul Adare - MVP" wrote:

On Mon, 1 Sep 2008 20:01:01 -0700, Gunna wrote:

I have an issue in Production I'm trying to solve, so I decided to replicate
the setup using Virtual PC. I have my DC up and running, then I set up a
member server running 2003 Server Standard with SP2; this is going to be my
replica standalone root CA.

The strange thing I get is when I go to set up Certificate Services the
options for Enterprise CA and Enterprise subordinate are available, but when
I set this up in production they were greyed out. I assumed they were not
available because I was running Server Standard, but here in my lab I
installed Standard and the Enterprise options are available. As if PKI wasn't
confusing enough.

The account you're logged in with needs to be an Enterprise Admin account.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Your password is pitifully obvious.
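
Brian's point about membership "either directly or through a group nesting" can be checked offline. The Python below is an added example, not part of the original thread: it parses an LDIF export of group objects with their `member` attribute (such as `ldifde` produces) and returns the chain linking an account to Enterprise Admins. All DNs, including the `Lab Ops` group and the `labadmin` account, are constructed.

```python
from collections import deque

# Constructed LDIF sample (not from the thread): group objects with their
# `member` values. One member line is folded, as LDIF allows.
SAMPLE_LDIF = """\
dn: CN=Enterprise Admins,CN=Users,DC=lab,DC=example
member: CN=Administrator,CN=Users,DC=lab,DC=example
member: CN=Lab Ops,OU=Groups,DC=lab,
 DC=example

dn: CN=Lab Ops,OU=Groups,DC=lab,DC=example
member: CN=Domain Admins,CN=Users,DC=lab,DC=example

dn: CN=Domain Admins,CN=Users,DC=lab,DC=example
member: CN=labadmin,CN=Users,DC=lab,DC=example
member: CN=Lab Ops,OU=Groups,DC=lab,DC=example
"""

def parse_groups(ldif):
    """Return {group_dn: [member_dn, ...]} with DNs lower-cased."""
    # Unfold continuation lines (newline followed by one space) first.
    text = ldif.replace("\r\n", "\n").replace("\n ", "")
    groups, current = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(": ")
        if key == "dn":  # every LDIF entry starts with its dn line
            current = groups.setdefault(value.strip().lower(), [])
        elif key == "member" and current is not None:
            current.append(value.strip().lower())
    return groups

def membership_path(groups, account_dn, target_dn):
    """Shortest chain of DNs from account to target group, or None."""
    parents = {}  # member_dn -> groups that list it directly
    for group, members in groups.items():
        for m in members:
            parents.setdefault(m, []).append(group)
    start, target = account_dn.lower(), target_dn.lower()
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for g in parents.get(path[-1], []):
            if g not in seen:  # guards against circular nesting
                seen.add(g)
                queue.append(path + [g])
    return None
```

Membership through an account's primary group (`primaryGroupID`) is not stored in `member`, so it does not appear in such an export and has to be checked separately.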


