question

RishiAggarwal avatar image
0 Votes"
RishiAggarwal asked RishiAggarwal commented

CertEnroll folder permission needs a change

Currently, we are using Windows Server 2019 for Certificate Services and as of now this folder's permissions are set to "Everyone" as read-only. We wanted to change this permission to the "authenticated users". if would change this permission to "authenticated users" will this change breaks anything?

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered RishiAggarwal commented

Hi RishiAggarwal,

Thank you for your question.

the information in the certenroll folder should be considered public information and therefore anonymous access is not an issue.

Your certificates already have HTTP CDP and AIA built in. If you switch to a file-based CDP, which I would never recommend due to interoperability issues with a non-Windows machine, you would have to reissue the certificates.

I recommend that you check the topics below that deal with a problem similar to yours, I believe it will be useful:

https://social.technet.microsoft.com/Forums/windows/en-US/64f4957c-be45-4ae7-9157-3bcde92cb4e9/cert-enrollment-folder-permissions?forum=winserverDS

https://social.technet.microsoft.com/Forums/windowsserver/en-US/fd9bcba3-54be-4748-986e-573d46a17f88/certenroll-folder-missing-from-domain-share?forum=winserverDS



If the answer is helpful, please vote positively and accept as an answer.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.