To resolve this issue, give the user permission to manage the CA. To grant this access to a non-administrative account, follow these steps:
- Open the CA snap-in.
- Right-click Certificate Authority Root and click Properties.
- Click the Security tab.
- Add the user who needs access and grant that user the required permissions.
To give a non-administrative account permission to remotely manage a CA, follow these steps:
- Open the CA, click Run, and then type Regedt32.
- Navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths
- Open the Machine key and at the bottom of the key add the following value:SYSTEM\CurrentControlSet\Services\CertSvc\Configuration
- Click Save.
Article ID: 271470 - Last Review: Feb 28, 2007 - Revision: 1