Numerous references abound stating that Adminsitrative rights are required in order to do an autoenrollment of a computer certificate in Vista, but none, unfortunately, specify what those permissions are. Surely there's a list somewhere, short of adding the user to the Administrators group or giving them an Administrator's password. Question: What are the list permissions required for a normal user to autoenroll a certificate under Vista? Cheers, Russ

NTBugtraq wrote: Numerous references abound stating that Adminsitrative rights are required in order to do an autoenrollment of a computer certificate in Vista, but none, unfortunately, specify what those permissions are. Surely there's a list somewhere, short of adding the user to the Administrators group or giving them an Administrator's password. Question: What are the list permissions required for a normal user to autoenroll a certificate under Vista? Cheers, RussThis isn't an ILM question, however, the answer is fairly simple. When talking about autoenrollment and computer certificates, the user account is not involved at all. The computer requests the certificate in its own security context.

This is not quite true. The user account HAS an effect on the computer certificate enrollment and needs at least READ rights to the computer certificate template. If you log in locally to the machine, the auto enrollment will fail because the local account is not recognized by the Domain and does not have the appropriate permissions.