Re: Dupilcate Template Denied

From: rav (ravburano_at_hotmail.com)
Date: 03/17/04


Date: Wed, 17 Mar 2004 09:05:50 -0000

Thanks!
"Paul Adare - MVP - Microsoft Virtual PC" <padare@newsguy.com> wrote in
message news:MPG.1ac0bb8f28987a9e9898c2@msnews.microsoft.com...
> In article <uh$XkkzCEHA.684@tk2msftngp13.phx.gbl>, in the
> microsoft.public.windows.server.security news group, rav
> <ravburano@hotmail.com> says...
>
> > The problem is that if I log into the machine hosting the CA as a member
> > with the "Manage CA" permission and I atempt to duplicate a template i
get
> > access is denied. Can someone tell me what permissions are need to
duplicate
> > a template, I would have thought that the "Manage CA" permission would
allow
> > someone to manage the CA!
> >
> > Also i found that the local admin (even though I have removed the local
> > admin account and the administrators group from the CA security
properties)
> > can duplicate the template. Whats going on? Are CA templates not part of
CA
> > administration?
> >
>
> Template management is not one of the four Common Criteria roles defined
> for a CA.
> To allow someone to manage templates you must grant them Full Control to
> the following containers:
>
> Services\Public Key Services\Certificate Templates
> Services\Public Key Services\OID
>
> In addition, since inheritance is not enabled for the Certificate
> Templates container, you should also grant them Full Control on all of
> the existing templates.
>
> More details can be found here - http://www.microsoft.com/pki
>
>
> --
> Paul Adare
> Moral indignation is jealousy with a halo.
> H. G. Wells, The Wife of Sir Isaac Harman