Error reading certificate private key when permissions applied through Domain Local Groups



I'm pretty sure this might not be a certificate problem per-se so I'm
posting to this newsgroup too.


We are attempting to use Domain Local Groups to restrict permissions to a
certificate private key.

We have a service account provisioned into a Domain Global Group, and then
have the Domain Global Group added to a Domain Local Group, and then apply
the Domain Local Group to the private key properties granting read, and read
& execute.

We than have an account that runs an ASP application that tries to read the
private key - if the account is given access through the DLG - it fails with
a file permission access denied, if it is given access directly, or if the
Everyone group is applied - it succeeds.

Is this a known bug, and is there a way around it?

Thanks!

Jediah L.


.



Relevant Pages

  • Re: add user to group in a separate forest in Server 2003
    ... Run dcdiag, netdiag and repadmin in verbose mode. ... account slow links to dc's will also add to the testing time. ... In ADUC for domainB if I click on Schema admins 'Members' tab I do not ... Now how do I add the domain local group in domainB to the schema ...
    (microsoft.public.windows.server.active_directory)
  • Re: Inter Forest Migration & SidHistory PB
    ... administrators you still do not have admin permissions on workstations and ... Create a domain local group in the source, add domain admins from the target ... > All Is working totaly good when I migrate an account or a groups (machine ...
    (microsoft.public.windows.server.active_directory)
  • Re: Applying local policies to a specific account on a workgroup i
    ... You are not missing anything. ... Outside of a domain local group policy applies to all accounts. ... >>> The only thing I want the user account to be able to do is use ...
    (microsoft.public.windowsxp.security_admin)
  • RE: issue with Child and Parent Domains
    ... valid account in that domain. ... You cannot logon to a domain in which you ... Replication of Schema and Configurations naming contexts replicates between ... > Or does a Domain local group need to be created on the CD, with the user accounts of PD added? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Delegation and Taskpads
    ... and unlock an account for the domain to a domain local group. ... But when creating a taskpad I can only get it to reset the password. ... Is there anyway to get it to unlock accounts also? ...
    (microsoft.public.windows.server.active_directory)