Hi, I have an Enterprise subordinate CA on 2008R2 datacenter. I have installed the CA Web enrollment service. I want to configure Web enrollment so users can submit requests, but I seem to be unable to set permissions on the virtual directory (the add button is greyed out in the security permissions gui). Is there some other way to set this up? I am a local and domain admin. I have noticed that the owner is "trusted installer". There must be some way to configure this, but I can't find any recommended MS method for it.... Please advise, Thanks, Fred.

Hi, read carefully this detailed guide http://www.isaserver.org/img/upl/vpnkitbeta2/installenterpriseca.htm HTHEdoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org

Hi, Thanks for that - but can't see anything relevant to my specific problem. Thanks anyway.

when you tell "(the add button is greyed out in the security permissions gui)" are you speaking about directory security in iis manager console or about ntfs permissions ?Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org

On Wed, 10 Nov 2010 16:21:24 +0000, Edoardo Benussi [MVP] wrote: Hi, read carefully this detailed guide http://www.isaserver.org/img/upl/vpnkitbeta2/installenterpriseca.htm No offense but I strongly recommend that no one use this guide to build a PKI based on certificate services. An online, Enterprise Root CA, should never be used in a production environment of any size. It simply isn't secure enough for production use. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca

On Wed, 10 Nov 2010 16:03:28 +0000, asdasdqqwqwqwqw wrote: I have an Enterprise subordinate CA on 2008R2 datacenter.? I have installed the CA Web enrollment service. I want to configure Web enrollment so users can submit requests, but I seem to be unable to set permissions on the virtual directory (the add button is greyed out in the security permissions gui).? Is there some other way to set this up?? I am a local and domain admin. I have noticed that the owner is "trusted installer". There must be some way to configure this, but I can't find any recommended MS method for it.... You should not have to modify permissions at all, what makes you think that you need to do this? What is the exact name of the role service you installed? Are you sure that you installed the correct one as there are now 2 that have "enrollment" and "web" in their names: Certification Authority Web Enrollment and Certificate Enrollment Web Service Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca

On Wed, 10 Nov 2010 16:21:24 +0000, Edoardo Benussi [MVP] wrote: read carefully this detailed guide http://www.isaserver.org/img/upl/vpnkitbeta2/installenterpriseca.htm Also, the guide mentioned above is for 2003. Things have changed quite significantly for 2008 R2. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca

Hi Fred, How's everything going? If you need further assistance, please do not hesitate to respond back. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Yeah all sorted. You don't need to modify permissions, just make sure you have enrol permissions on the relevant certificate...