Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, January 8, 2010 7:45 AM
Hello,
we have an application which is requiring access to the Local Computer Certificates store. Of course if this app is running under administrator credentials everything is fine, but we need to restrict this to a specific user.
Is there any way to give rights on this Certificates Store for a specific user OR what rights shall I asign to that user in order to see the Certificate Stores?
Many thanks for any idea/help/suggestion,
All replies (11)
Friday, January 8, 2010 5:34 PM âś…Answered | 2 votes
I see now what is your problem,
One way how to open a Local Computer store with MMC by a user that is not an administrator, is to open a previously saved console. The process is like this:
- As administrator open MMC | Certificates | Local Computer
- Save the console (Ctrl+S) with name Certificates - Local Computer.msc
- As user open MMC and open Certificates - Local Computer.msc
HTH
Martin
Friday, January 8, 2010 9:10 AM | 1 vote
you can try to open Certificates snap-in focused on Local Computer store, select required certificate, All Tasks -> Manage Private Keys. Here you can assign necessary permissions.http://www.sysadmins.lv
Friday, January 8, 2010 9:57 AM
Hi,
i've seen and tried this option before, but i cant find any option called "All Tasks -> Manage Private Keys"...
brgds,
Friday, January 8, 2010 10:55 AM
when you right-click on certificate this menu should appear. Of course this will appear if certificate has private key.
Friday, January 8, 2010 11:26 AM
What operating system are you referring to? Keep in mind that this forum is for Windows Server security, not Windows Client security.
Paul Adare CTO IdentIT Inc. ILM MVP
Friday, January 8, 2010 12:03 PM | 1 vote
Hi,
for Windows 2000 / 2003 check out http://support.microsoft.com/kb/278381/en-us
HTH
Martin Rublik
Friday, January 8, 2010 3:32 PM
What operating system are you referring to? Keep in mind that this forum is for Windows Server security, not Windows Client security.
Paul Adare CTO IdentIT Inc. ILM MVP
I am trying to do this on W2k3 R2.
Well, if on XP is easier i can move the app on it.
thanks
Friday, January 8, 2010 4:05 PM
Hi,
for Windows 2000 / 2003 check out http://support.microsoft.com/kb/278381/en-us
HTH
Martin Rublik
hi
the thing is that i can only see the Certificates for the Current User, i dont have the option to choose "Local Computer"...
Accoring to MS this is by default: only Administrators can see the Local Computer, but i thought there is a workarround...
:-(
thanks
Friday, January 8, 2010 4:15 PM
*> the thing is that i can only see the Certificates for the Current User, i dont have the option to choose "Local Computer"...
*
you need to configure these permissions using administrator account. However this option appears on Windows Vista (2008) and higher. There is no way to configure permissions for earlier operating systems via MMC.
You can use Martin's link to modify permissions for your user account.
http://www.sysadmins.lv
Friday, January 8, 2010 4:22 PM
*> the thing is that i can only see the Certificates for the Current User, i dont have the option to choose "Local Computer"...
*
you need to configure these permissions using administrator account. However this option appears on Windows Vista (2008) and higher. There is no way to configure permissions for earlier operating systems via MMC.You can use Martin's link to modify permissions for your user account.
http://www.sysadmins.lv
thanks for your answers
I added that user with full permisions using the ACL window and still cant add Local Computer during the mmc setup for Certificates....
brgds,
Friday, January 8, 2010 4:35 PM
You cannot grant another user to open Certificates snap-in focused on Local Computer. This KB describes how you can grant user to use certificates in local machine store.