Disable role separation

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To disable role separation

  1. Open Command Prompt.

  2. Type:

    certutil -delreg ca\RoleSeparationEnabled

  3. Open Certification Authority.

  4. In the console tree, click the name of the certification authority (CA).

    Where?

    • Certification Authority (Computer)/CA name
  5. On the Action menu, point to All Tasks, and click Stop Service to stop the service.

  6. On the Action menu, point to All Tasks, and click Start Service to start the service.

Value Description

certutil

Specifies the name of the command-line program.

-delreg

Modifies the registry.

ca\RoleSeparationEnabled

Indicates the registry value for role separation.

Caution

  • Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on your computer.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • To display the role separation setting, type the following at a command prompt:

    certutil -getreg ca\RoleSeparationEnabled

  • To view the complete syntax for this command, at a command prompt, type:

    certutil -delreg -?

  • To stop and restart the Certificate Services service at the command prompt, type:

    net stop certsvc

    net start certsvc

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Enable role separation
Add a certification authority administrator
Add a certificate manager
Role-based administration
Add a certification authority auditor
Add a certification authority backup operator
Start or stop the certification authority service