Managing Published certificates in ADU

Janosch 1 Reputation point

Hi all,
I'm currently facing an issue where I'm totally stuck with my research.

In our domain, I've got a bunch of users where I cannot manage the published certificates in ADUC.

What I do is:
1. Open Properties of a user
2. Click on "Published Certificates"
3. Get this infobox:
"You do not have sufficient rights to open the certificate store for changes. Windows will attempt to open the store in read-only mode."

On the one hand, the message is really clear, but on the other hand, I just don't know where to change the permissions.

I face this issue only with persons who have domain admin rights, but nothing changes after removing them from the group (not even after days).

I would be thankful for any hint!


3 answers

  1. Fan Fan 15,276 Reputation points Microsoft Vendor

    Which user did you use to manage published certificates in ADUC?
    Do you have the same issue if you use the built-in administrator or members of the Administrators group?
    Best Regards,

  2. MTG 1,186 Reputation points

    Same here. The solution is to start mmc (and load the ADUC snap-in) as the computer account, in my case as the system account on the DC that happens to be the CA.


  3. Janosch 1 Reputation point

    Sorry for the late reply, but I found a solution quite some time ago.

    In our case there was a "Deny" permission entry on "Write userCertificate" in the security settings of the specific users.
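
One way to check a user object for the kind of Deny entry described in the last answer, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; `jdoe` is a placeholder account name.

```powershell
# Added example: list Deny ACEs that block writes to userCertificate on a user object.
# Assumption: run in a session with the ActiveDirectory module; 'jdoe' is a placeholder.
param(
    [string]$SamAccountName = 'jdoe'
)

Import-Module ActiveDirectory

# Look up the schemaIDGUID of userCertificate in the schema rather than hard-coding it.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(lDAPDisplayName=userCertificate)' -Properties schemaIDGUID
$certGuid = [guid]$attr.schemaIDGUID      # byte[] -> Guid
$allProps = [guid]::Empty                 # ACE that applies to every property

# Read the DACL of the user object through the AD: drive.
$user = Get-ADUser -Identity $SamAccountName
$acl  = Get-Acl -Path ("AD:\" + $user.DistinguishedName)

$writeProperty = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

# Keep Deny ACEs that include WriteProperty and target userCertificate
# either directly or through an "all properties" entry.
$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.ActiveDirectoryRights.HasFlag($writeProperty) -and
        ($_.ObjectType -eq $certGuid -or $_.ObjectType -eq $allProps)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited
```

The `IsInherited` column shows whether a matching entry is set on the user object itself or comes from a parent container. Deny entries scoped to a property set are not covered by this filter.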