Re: Certificate template modifying

From: Shawn Corey [MSFT] (shawncor_at_online.microsoft.com)
Date: 09/24/04 

Date: Thu, 23 Sep 2004 18:27:25 -0700

Miha is correct that only 2003 Enterprise Edition will issue V2 templates
but you should still be able to edit them on Standard Server, or even XP
with the adminpak installed. What user were you logged in as when you tried
to edit the templates, were you a Domain or Enterprise Admin or Local Admin? 

-- 
Thanks,
Shawn
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at 
http://www.microsoft.com/info/cpyright.htm
"schapman" <schapman@inlandkwpp.com> wrote in message 
news:4mk6l0h1jmrgjbd72reasfbcpru2fq1mm7@4ax.com...
> Well. that explains it :) Time to see if we have any licenses of
> enterprise I guess.
>
> On Thu, 23 Sep 2004 23:10:24 +0200, "Miha Pihler"
> <mihap-news@atlantis.si> wrote:
>
>>To answer second part of your question. Yes, it is possible to allow
>>certaing users to access only certain templates. Again you will need 
>>Windows
>>2003 Enterprise setup of Windows CA. Then you can use permissions to allow
>>users to access only certain templates or use auto-enrollment based on 
>>users
>>permissions.
>>
>>Check links in my previous post. Specically "Implementing and 
>>Administering
>>Certificate Templates in Windows Server 2003"
>>
>>Mike
>>
>>"Miha Pihler" <mihap-news@atlantis.si> wrote in message
>>news:%23MtpUEboEHA.800@TK2MSFTNGP14.phx.gbl...
>>> Hi,
>>>
>>> Version 2 certificate templates (edited templates) can only be used to
>>issue
>>> certificates on CA
>>> server that was installed on Windows 2003 Enterprise Edition (not on
>>Windows
>>> 2003 Standard Edition).
>>> CA server also has to be setup as Windows 2003 Enterprise CA service
>>> (integrated in AD) not as Windows 2003 standalone CA server.
>>>
>>> Implementing and Administering Certificate Templates in Windows Server
>>2003
>>>
>>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
>>>
>>> Best Practices for Implementing a Microsoft Windows Server2003 Public 
>>> Key
>>> Infrastructure
>>>
>>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
>>>
>>> PKI Enhancements in Windows XP Professional and Windows Server 2003
>>> http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
>>>
>>> Windows Server 2003 PKI Operations Guide
>>>
>>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
>>>
>>> Managing a Windows Server 2003 Public Key Infrastructure
>>>
>>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
>>>
>>> Advanced Certificate Enrollment and Management
>>>
>>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
>>>
>>> Mike
>>>
>>> "schapman" <sean.chapman@gmail.com> wrote in message
>>> news:b9ddedc8.0409231251.6d586645@posting.google.com...
>>> > I set up a windows 2003 server and am trying to use it as a
>>> > Certificate Authority. I gave it a name, put it on the domain, and can
>>> > issue certificates with no problem. However, I'm trying to modify a
>>> > certificate template so that I can disable the option to mark keys as
>>> > exportable. When I try and load up certtmpl.msc, I get the following
>>> > error:
>>> >
>>> > Windows could not create the object identifier list. This computer is
>>> > not joined to a domain. Certificate templates are not available.
>>> >
>>> > I don't really understand whats going on here as the computer is on
>>> > the domain. I tried uninstalling the certificate authority, taking the
>>> > machine off the network, re-adding it, and re-installing the
>>> > certificate authority but I get the same issue. Any ideas would be
>>> > appreciated.
>>> >
>>> > Also, is there a way to have it so that certain people requesting
>>> > certificates can only request a specific template while having other
>>> > users be able to pick any they want?
>>>
>>>
>>
>

Relevant Pages

  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Cannot sync Windows mobile with sbs2003 server
    ... Windows Mobile OS to the SBS2003 server at work so that he can read e-mails. ... What certificate do Microsoft recommend here, and where can this be bought? ...
    (microsoft.public.pocketpc)
  • Re: Need help configuring Wireless Connection profile
    ... Now life is good in the Windows wireless world. ... now have a secure wireless setup within my small business server environment. ... "point" the info of the Radius authentication to your current Radius server. ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: EAP-TLS with windows CE
    ... credentials at the login prompt for Windows Server 2003 on the server ... The certificate is a public thing, ... When the server asks the Windows CE device to identify itself, ... I could easily steal your authentication information. ...
    (microsoft.public.windowsce.platbuilder)
  • Re: SBS Security Profile templates
    ... Do not run the Windows Server 2003 Security Configuration Wizard on Windows ... What is the "SBS Security Profile templates", ...
    (microsoft.public.windows.server.sbs)