Managing Published certificates in ADU

Janosch 1 Reputation point
2021-05-04T08:59:19.283+00:00

Hi all,
i'm currently facing an issue, where I'm totally stuck with my research.

In our domain, I've got a bunch of Users where I can not manage the published certificates in ADUC.

What I do is:
Open Properties of a User
Click on "Published Certificates"
Get this infobox:
"You do not have sufficient rights to open the certificate store for changes. Windows will attempt to open the store in read-only mode."

On one hand side, the message is really clear, but on the other side, I just don't know where to change the permissions.

I face this issue, only on persons which have domain admin rights, but nothing change after removing them from the group (even after days not).

I would be thankful for any hint!

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,684 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Fan Fan 15,276 Reputation points Microsoft Vendor
    2021-05-05T00:22:37.62+00:00

    Hi,
    Which user did you used to Manage Published certificates in ADUC?
    Did you have the same issue if you use the built-in administrator or members in the administrators group?
    Best Regards,


  2. MTG 1,186 Reputation points
    2022-06-17T13:40:47.86+00:00

    Same here. Solution is to start mmc (and load the ADUC snapin) as computer account, in my case as system account on the DC that happens to be the CA.

    0 comments No comments

  3. Janosch 1 Reputation point
    2022-06-20T07:34:14.037+00:00

    Sorry for the late reply, but I've found a solution quite some time ago.

    In our case there was a "Deny" permission entry on "Write userCertificate" in the secuirty settings of the specific users.

    0 comments No comments