Setting Permissions for the Individual Certificate Template

1. On the Microsoft CA machine, from the Start menu, click Programs, point to Administrative Tools, and then click Certification Authority. The Certification Authority window is displayed.

   

   

2. In the console tree, expand Certification Authority, right-click Certificate Templates, and then click Manage. The Certificate Templates snap-in is displayed.

3. In the Details pane, right-click the certificate template that you want to use, and then click Properties. The Smartcard User Properties window is displayed.

   

4. In the Group or user names box, select the user created with the roles specified in Configuring the Server User Access Rights to a Microsoft CA (for example, ActivID CMS User).

   Note: If the CMS User Name is not available in the list of users, then you must add the ActivID CMS User (see Setting Permissions for the CMS Server Service Account for instructions).

5. In the Permissions for CMS User section, in the Allow column, select the Read and Enroll options.

6. Click Apply, and then OK.

7. Repeat the above procedure for each type of certificate template that you want to use.

   Note: Make sure you set permissions for the Enrollment Agent (Computer) and Key Recovery Agent certificate templates that allow access to the CMS Server User.