locked
What permissions must be assigned? RRS feed

  • Question

  • "When the HRA is installed on a server that is not the issuing CA, specific permissions must be given to the HRA  machine name"

     

    What is meant by that in the IPsec step by step document?

     

    What exact permissions must be assigned?  And where?

    Friday, October 26, 2007 2:48 AM

Answers

  • Hi Susan,

     

    This is done in the CA console. For example, if the name of your CA computer is ca.contoso.com and the HRA machine is on a different machine named hra.contoso.com, you would right-click the CA name in the CA console and click properties. In the properties window, click the Security tab, and then click Add.

     

    Since "Computers" is not one of the object types you can choose by default, you will need to click Object Types, select Computers, and click OK.

     

    Now you can type the name of your HRA under Enter the object names to select. Type "hra" and click OK - it should find this machine in the domain and add it to the list for specifying permissions. Now just allow the Issue and Manage Certificates, Manage CA, and Request Certificates permissions.

     

    Let me know if you are running into problems.

     

    -Greg

     

    Friday, October 26, 2007 4:13 PM