Hi, I have a certificate authority running on a server 2008 machine. If I try to back it up using the certutil command from the regular command prompt, I get an access denied message but if I run it from the administrative command prompt, it executes perfectly. I am an administrator on the server. Any ideas as to why is this happening and if I can resolve it in any way? Thanks.

Sounds likebehavior of the UAC. Administrative tasks and tools require elevation. The builtin Administrator and domain Administrator account bypass the UAC, by default.

Hi, I agree with Brandon, it may be caused by UAC. You can try the steps below to change UAC behavior. Create a new GPO for administrators and navigate to: [Computer Configuration/Policies/Windows Settings/Security Settings/Local Settings/Security Options] Configure the following policy. User Account Control: Run all administrators in Admin Approval Mode Configure User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode to "Elevate without prompting". Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks a lot! I tried making the suggested changes in the Security Options but to no avail. The weird thing is its only the certutil -backupdb command that fails (at least till now). If I do a certutil -cainfo or a certutil -view, it works fine. I don't understand as to why does the backup command fail!

Hi, It seems the account is not a Backup Operator or a Certification Authority Administrator. Please try the steps in the article below to configure permission. Add a certification authority backup operator http://technet.microsoft.com/en-us/library/cc759299.aspx Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.

Hi, Thanks for your advice. I checked the link that you had suggested and followed the specified instructions but to no avail. I still get the exact same error message. Not sure what to try next. -p

P,Go the the shortcut for the command prompt in the start menu, right click on it, and launch the command prompt as an administrator. From there, you should be fine. This is an issue related to UAC. So you can either turn UAC off, or deal with needing to run apps as an administrator when the need arises. For programs you frequently need elevated rights to run as an administrator, open the shortcut properties, and on the advanced options, check the option to Run As Administator. Jeff

Elevation is required to run this command.Brian

If I wanted to run the backupdb from a bat file (to be run daily by Task Scheduler) how do I get this "elevated" privs? Do I just: Make sure the destination folder has the CA added with write prives have the bat file run as the local machine CA administrator Have the security options set to "Run with Higher Privs" on the Task Schedule security options dialog box Thanks

Wow... it took me NINE hours to figure this out.... /d'oh!!