none
ADCS Template Permissions Issue RRS feed

  • Question

  • All,

    I have a 2019 standard subordinate/issuing CA that I recently migrated from 2008R2.  Everything is functioning correctly except that my permissions on all templates seems to be incorrect.  I am logged in as an Enterprise Admin, and I am able to deploy templates.  I cannot, however, change permissions on the templates (in Manage Templates), nor can I duplicate them or alter them in any way.  Additionally, I have assigned my individual user account Full Control over the Templates and OID containers via ADSIedit

    https://terrytlslau.tls1.cc/2013/07/managing-all-certificate-templates-and.html

    Any ideas on how I can regain control of the templates?  Thanks.

    Roger

    Wednesday, September 11, 2019 6:24 PM

All replies

  • Hi,

    Thanks for posting in our forum.

    I tested in my lab and the steps working for me, even I can not edit the security setting of default templates, but I can use my test account duplicate a new templates and the test account have permission to edit the new template.

    For further troubleshoot, I will suggest you follow the following steps:

    Verify the current security settings of default templates, check if Enterprise Admins group have Read/Write/Enroll permissions.

    Verify the current membership of the admin account.

    If all of above are correct, but still not working, you can try to modify template permission manually via ADSI editor.

    Best Regards,

    William


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 12, 2019 7:24 AM
  • Hi,

     

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

     

    Best Regards,

    William

     


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 17, 2019 6:48 AM
  • Hi,

     

    Was your issue resolved?

     

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

     

    Best Regards,

    William


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 25, 2019 2:55 AM