Posted by Gunna on September 4, 2008, 1:36 am
Brian,
Found some conflicting things. Firstly as you have already said you need to
be an Enterprise admin to install an Enterprise Root CA and if you refer to
this article http://technet.microsoft.com/en-us/library/cc776709.aspx it says
the same.
However,
I just built a new environment. Standard Server 2003 SP2 domain controller
and a Standard Server 2003 SP2 for my Root CA. I logged onto the 2nd machine
as a user with local admin to the second server only (only domain membership
was Domain Users) and tried to install PKI and sure enough I only got the
Standalone options. I stopped the install and then logged on using an
account I created and placed only in the Domain Users and Domain Admins
groups. Then started to install Certificate services and I got both the
Enterprise and Standalone options. I then installed it completely as
Enterprise Root CA as a Domain Admin only with no visible errors or issues.
So what is the Enterprise Admin requirement for?
"Brian Komar (MVP)" wrote:
> Gunna,
> In your test environment, the account is a member of the Enterprise Admins
> group (either directly or through a group nesting).
> - You can run an enterprise CA on the Standard, Enterprise, or Data Center
> edition SKUs
> - To get full functionality, you need to run on Enterprise or Data Center
> SKUs
> Full Functionality includes: issue certs on V2 cert templates, Key
> archival,
> Brian
>
> > Thanks Paul but I'm afraid I am just more confused. Can you answer a
> > question
> > for me because I read conflicting things. You can or cannot run
> > Enterprise
> > CA or Enterprise Sub on Standard edition? What's the difference between
> > running Enterprise on a standard server versus Enterprise edition server?
> >
> >
> > And further to my original post. I am logged onto the member server as a
> > member of the Domain Admin group only but I can see the option to select
> > Enterprise Root or Enterprise Sub. Could I be seeing it because the
> > Domain
> > Admins group is a member of the Administrators group in Active Directory?
> >
> >
> > "Paul Adare - MVP" wrote:
> >
> >> On Mon, 1 Sep 2008 20:01:01 -0700, Gunna wrote:
> >>
> >> > I have an issue in Production I'm trying to solve so I decided to
> >> > replicate
> >> > the setup using Virtual PC. I have my DC up and running, then I set up
> >> > a
> >> > member Server running 2003 Server Standard with SP2, this is going to
> >> > be my
> >> > replica standalone root CA.
> >> >
> >> > The strange thing I get is when I go to setup Certificate services the
> >> > options for Enterprise CA and Enterprise subordinate are available but
> >> > when
> >> > I set this up in production they were greyed out. I assumed they
> >> > were not
> >> > available because I was running Server standard but here in my lab I
> >> > installed Standard and the Enterprise options are available. As if PKI
> >> > wasn't
> >> > confusing enough.
> >>
> >> The account you're logged in with needs to be an Enterprise Admin
> >> account.
> >>
> >> --
> >> Paul Adare
> >> MVP - Identity Lifecycle Manager
> >> http://www.identit.ca
> >> Your password is pitifully obvious.
> >>
>