Configure certificate manager restrictions

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure certificate manager restrictions

Log on to the system as a Certification Authority Administrator.
Open Certification Authority.
In the console tree, click the name of the certification authority (CA).

Where?
- Certification Authority (Computer)/CA name
On the Action menu, click Properties.
On the Certificate Manager Restrictions tab, click Restrict certificate managers.
In Available certificate managers, select the certificate manager subject or group you want.
Click Add to add groups, users or computers to manage for the selected certificate manager.

Notes

To open Certification Authority, click Start, click Control Panel, double-click Administrative Tools, and then double-click Certification Authority.
If a CA is running on a member server and the Restrict certificate managers property is enabled, then the member server needs to be added to the Pre-Windows 2000 Compatible Access built-in group of every domain from which it will receive certificate requests. Once added to these groups, the administrator of the CA is allowed to issue a certificate for subjects in those domains.

Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.