Article ID: 278381 - View products that this article applies to.
This article was previously published under Q278381
The MachineKeys folder stores certificate pair keys for both the computer and users. Both Certificate services and Internet Explorer use this folder. The default permissions on the folder may be misleading when you attempt to determine the minimum permissions that are necessary for proper installation and the accessing of certificates.
The MachineKeys folder is located under the All Users Profile\Application Data\Microsoft\Crypto\RSA folder. If the administrator did not set the folder to the minimum level, a user may receive the "Failed to Generate Certificate Request" and "Internal Server Error: The Private Key that you are importing might require a cryptographic service provider that is not installed on your system" error messages when the user generates a server certificate by using Microsoft Internet Information Server (IIS). The following settings are the default permissions for the MachineKeys folder:
Administrators (Full Control) This folder only Everyone (Special) This folder only
To view the special permissions for the Everyone group, right-click the MachineKeys folder, click Advanced on the Security tab, and then click View/Edit. The permissions consist of the following permissions:
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/271071/ )How to set required NTFS permissions and user rights for an IIS 5.0, IIS 5.1, or IIS 6.0 Web server
(https://support.microsoft.com/kb/812614/ )Default permissions and user rights for IIS 6.0
Article ID: 278381 - Last Review: January 25, 2012 - Revision: 7.0