Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Configure certificate manager restrictions

Updated: January 21, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure certificate manager restrictions

  1. Log on to the system as a Certification Authority Administrator.

  2. Open Certification Authority.

  3. In the console tree, click the name of the certification authority (CA).


    • Certification Authority (Computer)/CA name

  4. On the Action menu, click Properties.

  5. On the Certificate Manager Restrictions tab, click Restrict certificate managers.

  6. In Available certificate managers, select the certificate manager subject or group you want.

  7. Click Add to add groups, users or computers to manage for the selected certificate manager.


  • To open Certification Authority, click Start, click Control Panel, double-click Administrative Tools, and then double-click Certification Authority.

  • If a CA is running on a member server and the Restrict certificate managers property is enabled, then the member server needs to be added to the Pre-Windows 2000 Compatible Access built-in group of every domain from which it will receive certificate requests. Once added to these groups, the administrator of the CA is allowed to issue a certificate for subjects in those domains.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2014 Microsoft. All rights reserved.