If an administrator wants to remove the Authenticated Users group, each and every CA's computer account must be added to the template ACLs and set to Read.
If authenticated users have been removed from the ACLs of a template, the following errors may be observed when the CA starts and when a certificate is requested against the template.
Errors Observed When Enrollment Is Unsuccessful:
- For the client:
Enrollment by means of a Web page:
Certificate Request Denied
Enrollment by means of the Microsoft Management Console (MMC):
Your certificate request was denied.
Contact your administrator for further information.
Certificate Request Wizard:
The certification authority denied the request. Unspecified error.
- For the CA:
Event ID: 53
Certificate Services denied request 9 because the requested certificate
template is not supported by this CA. 0x80094800 (-2146875392). The
request was for TED\administrator. Additional information: Denied by
Policy Module. The request was for certificate template (<template name>)
that is not supported by the Certificate Services policy.
Error on CA When Certificate Services Starts
Event ID: 78
The "Enterprise and Stand-alone Policy Module" Policy Module logged the
following error: The <template name> Certificate Template could not be
loaded. Element not found. 0x80070490 (WIN32: 1168).
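As an added example (not part of the original article), the following Python groups exported CA events 53 and 78 by template name so that a template the CA could not load at startup stands out from ordinary denied requests. The record shape (`Id` and `Message` keys) and the template names in the sample data are assumptions made for the example.

```python
import re
from collections import defaultdict

# Event IDs, HRESULTs and message wording come from the article text above.
SIGNATURES = {
    53: ("0x80094800", re.compile(r"certificate template \((.+?)\)")),
    78: ("0x80070490", re.compile(r"error: The (.+?) Certificate Template could not be loaded")),
}

def triage(events):
    """Group CA events 53/78 by template name and classify each template.
    `events`: dicts with "Id" and "Message" keys (assumed export shape)."""
    seen = defaultdict(set)
    for ev in events:
        sig = SIGNATURES.get(ev.get("Id"))
        if sig is None:
            continue
        hresult, pattern = sig
        msg = " ".join(ev.get("Message", "").split())  # undo event-text line wrapping
        match = pattern.search(msg)
        if match and hresult in msg.lower():
            seen[match.group(1).strip()].add(ev["Id"])
    findings = {}
    for template, ids in sorted(seen.items()):
        # Event 78 means the CA could not load the template at service start:
        # verify Read for Authenticated Users or for every CA computer account.
        findings[template] = "check-template-acl" if 78 in ids else "review-denied-request"
    return findings

# Constructed sample records; the template names are made up.
SAMPLE_EVENTS = [
    {"Id": 78, "Message": 'The "Enterprise and Stand-alone Policy Module" Policy Module logged the\n'
        "following error: The ExampleUser Certificate Template could not be\n"
        "loaded. Element not found. 0x80070490 (WIN32: 1168)."},
    {"Id": 53, "Message": "Certificate Services denied request 9 because the requested certificate\n"
        "template is not supported by this CA. 0x80094800 (-2146875392). The\n"
        "request was for TED\\administrator. Additional information: Denied by\n"
        "Policy Module. The request was for certificate template (ExampleUser)\n"
        "that is not supported by the Certificate Services policy."},
    {"Id": 53, "Message": "Certificate Services denied request 10 because the requested certificate "
        "template is not supported by this CA. 0x80094800 (-2146875392). The request was for "
        "certificate template (ExampleWeb) that is not supported by the Certificate Services policy."},
    {"Id": 7036, "Message": "Unrelated service state change."},
]

if __name__ == "__main__":
    for name, action in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {action}")
```

A template that appears only in event 53 is reported as `review-denied-request`, because without a matching event 78 the log alone does not show that the CA failed to load the template.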
Article ID: 283218 - Last Review: Jan 7, 2008 - Revision: 1