Configure certificate manager restrictions

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure certificate manager restrictions

  1. Log on to the system as a Certification Authority Administrator.

  2. Open Certification Authority.

  3. In the console tree, click the name of the certification authority (CA).

    Where?

    • Certification Authority (Computer)/CA name
  4. On the Action menu, click Properties.

  5. On the Certificate Manager Restrictions tab, click Restrict certificate managers.

  6. In Available certificate managers, select the certificate manager subject or group you want.

  7. Click Add to add groups, users or computers to manage for the selected certificate manager.

Notes

  • To open Certification Authority, click Start, click Control Panel, double-click Administrative Tools, and then double-click Certification Authority.

  • If a CA is running on a member server and the Restrict certificate managers property is enabled, then the member server needs to be added to the Pre-Windows 2000 Compatible Access built-in group of every domain from which it will receive certificate requests. Once added to these groups, the administrator of the CA is allowed to issue a certificate for subjects in those domains.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Role-based administration
Certificate Services example implementation: Key archival and recovery
Key archival and recovery
Establishing key options and key archival