Re: Dupilcate Template Denied
From: rav (ravburano_at_hotmail.com)
Date: Wed, 17 Mar 2004 09:05:50 -0000
"Paul Adare - MVP - Microsoft Virtual PC" <email@example.com> wrote in
> In article <uh$XkkzCEHA.firstname.lastname@example.org>, in the
> microsoft.public.windows.server.security news group, rav
> <email@example.com> says...
> > The problem is that if I log into the machine hosting the CA as a member
> > with the "Manage CA" permission and I atempt to duplicate a template i
> > access is denied. Can someone tell me what permissions are need to
> > a template, I would have thought that the "Manage CA" permission would
> > someone to manage the CA!
> > Also i found that the local admin (even though I have removed the local
> > admin account and the administrators group from the CA security
> > can duplicate the template. Whats going on? Are CA templates not part of
> > administration?
> Template management is not one of the four Common Criteria roles defined
> for a CA.
> To allow someone to manage templates you must grant them Full Control to
> the following containers:
> Services\Public Key Services\Certificate Templates
> Services\Public Key Services\OID
> In addition, since inheritance is not enabled for the Certificate
> Templates container, you should also grant them Full Control on all of
> the existing templates.
> More details can be found here - http://www.microsoft.com/pki
> Paul Adare
> Moral indignation is jealousy with a halo.
> H. G. Wells, The Wife of Sir Isaac Harman