Hi all;

 

When I execute the certutil –catemplates > templates.txt command, the following output appears in the template.txt file:

 

DirectoryEmailReplication: Directory Email Replication -- Auto-Enroll: Access is denied.
DomainControllerAuthentication: Domain Controller Authentication -- Auto-Enroll: Access is denied.
EFSRecovery: EFS Recovery Agent -- Auto-Enroll: Access is denied.
EFS: Basic EFS -- Auto-Enroll: Access is denied.
DomainController: Domain Controller -- Auto-Enroll: Access is denied.
WebServer: Web Server -- Auto-Enroll: Access is denied.
Machine: Computer -- Auto-Enroll: Access is denied.
User: User -- Auto-Enroll: Access is denied.
SubCA: Subordinate Certification Authority -- Auto-Enroll: Access is denied.
Administrator: Administrator -- Auto-Enroll: Access is denied.
CertUtil: -CATemplates command completed successfully.

Can anyone tell me what Auto-Enroll: Access is denied.   means?

 

Thanks

 

 

this means that you (your user account) is not allowed to auto-enroll certificates based on certain template. If there is user template (intended for users, not computers) and your user account or the group has Read Enroll and Autoenroll permissions, Access Denied will disappear.

I'm having the same problem and my user is a member of Enterprise and Domain admins. Any suggestions? Windows 2008 R2.

It is not a problem at all. All the command does is list the available templates at the CA.

I typically ignore the permissions report.

Other reasons for the error,

- the account you are logged in is not a computer (the template is for computers)

- Not autoenroll permissions are assigned on the template

- The template requires CA Certificate manager approval

Brian