ADCS: Manage CA roles from the cmdline


  • Hi all,

    As defined in a CA has different roles, which can be configured in the CA Properties in the Security tab.

    This is straight forward, however I want to automate the configuration and therefore I wonder, how can I script the ACL I mentioned above?


    Friday, March 10, 2017 4:55 PM


  • The CA ACL is not really the same as Enrollment Agent ACL, however you lead me into the right direction.

    Vadmins provides in his PSPKI Module the Cmdlet  Set-CASecurityDescriptor, that can be used to modify the CA ACL.


    • Marked as answer by mhedv Tuesday, March 14, 2017 2:23 PM
    Tuesday, March 14, 2017 2:23 PM

All replies