Re: View certificate database

From: Deweirt Steven (sdeweirt_at_hotmail.com)
Date: 04/29/03 

Date: Tue, 29 Apr 2003 10:19:26 +0200

Can somebody help I want to know if the mapping between a user certificate
and user happens on the SID are what?
Because if I delete the user and recreate it with the same name he has back
access to the certificate secured objects.

Thx

"youpski" <youpski@remove_hotmail.com> wrote in message
news:004401c30e16$5bf94cc0$3401280a@phx.gbl...
> Yes, that is what you would think. Authenticated Users
> has read access there by default. Still. no authenticated
> user can access the database. So the problem lies
> somewhere else.
>
> thnx anyway Y
>
>
> >-----Original Message-----
> >You need to provide Read access to the desired users or
> group. You can do
> >that in the Security tab of the CA snapin
> >
> >--
> >This posting is provided "AS IS" with no warranties and
> confers no rights.
> >Use of any included samples is subject to the terms
> specified at
> >http://www.microsoft.com/info/copyright.htm"
> >"youpski" <youpski@remove_hotmail.com> wrote in message
> >news:03a301c30d8f$b8a855b0$3001280a@phx.gbl...
> >> Hello, how do I allow or delegate non-administrators to
> >> view the Certificate Database on a CA server. When you
> >> are not a member of the local Administrators group on
> the
> >> CA server you receive an "Access Denied" 0x5 when
> >> openeing the Certification Authority snap in on a
> remote
> >> computer. When you are a member of the Administrators
> >> group on the CA server you can view the database (no
> >> Access Denied error) but you can also revoke
> certificates
> >> and alter the database settings. I want other people to
> >> just view the database using the MMC snap in on their
> >> local machine. View the pending-,issued- and failes
> >> requests on the CA server... they may not alter the
> >> database or the settings, just view it.
> >>
> >> thnx Y
> >
> >
> >.
> >

Relevant Pages

  • Re: Enabling a Certificate template
    ... domain would require both the laptops certificate and the users domain login ... For the certification service to work in this way requires Server ... > You can mitigate that by removing authenticated users from the add ... Permissions for autoenrollment can also be given to computers. ...
    (microsoft.public.security)
  • Re: Computer and User Certificates Issues
    ... I have double checked the permissions on each duplicate certificate, ... Authenticated Users = Read ... Domain Computers = Read, Enroll, Autoenroll ... I have checked the Failed Requests folder on the CA and there are no failed ...
    (microsoft.public.security)
  • Re: Issuing Certificates
    ... Enterprise CA is configured to issue "User" certificate template (CA ... Authenticated users have enroll permission on "User" certificate template ...
    (microsoft.public.win2000.security)
  • Re: IIS Certificate Mapping password retreival
    ... certificate, they have to authenticate themselves to Windows. ... SubjectAlternate field) of the client certificate that gets issued. ... Then, when the AD mapping occurs, the Windows username gets extracted from ... > with ADCert Mapping" thread in this newsgroup). ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS Certificate Mapping password retreival
    ... themselves get stored in AD when you do the AD Mapping. ... Then install Cert Server as a root Enterprise CA ... "Active Directory Mapping" for more details.)" ... when the IIS server receives a certificate ...
    (microsoft.public.inetserver.iis.security)