single forest with a root domain and a child domain. Enterprise CA in the root, 1 subordinate CA in the root and 1 subordinate CA in the child. all running W2K3 Enterprise edition. the admins in the child domain cannot duplicate any templates. in the root all works fine. They get an Access Denied when they try. I even duplicated one and gave them full control of the new one and they still get the Access Denied when they try to duplicate. any guidance on what needs to be granted for them to be able to manage certificates in the child autonomously would be greatly appreciated.Ed

Hi Ed, Which account did you use to duplicate templates? Try to log on as a member of both the Enterprise Admins group and the root domain's Domain Admins group to test. If you could manage this CA now, try to delegate control of this certification authority. Set security permissions and delegate control of a certification authority http://technet.microsoft.com/en-us/library/cc778930(WS.10).aspx If you still cannot duplicate templates, try to use built-in administrator, if the parent domain is parent.com, child domain is child.parent.com, use "parent\administrator" to test. Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Ed, Do you need any other assistance? If there is anything we can do for you, please let us know. Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.