Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, May 14, 2009 8:34 PM
Hi,
I have a certificate authority running on a server 2008 machine. If I try to back it up using the certutil command from the regular command prompt, I get an access denied message but if I run it from the administrative command prompt, it executes perfectly. I am an administrator on the server. Any ideas as to why is this happening and if I can resolve it in any way?
Thanks.
All replies (9)
Thursday, May 21, 2009 3:20 AM âś…Answered | 1 vote
Hi,
It seems the account is not a Backup Operator or a Certification Authority Administrator. Please try the steps in the article below to configure permission.
Add a certification authority backup operator
http://technet.microsoft.com/en-us/library/cc759299.aspx
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
Saturday, May 16, 2009 5:31 PM | 1 vote
Sounds like behavior of the UAC. Administrative tasks and tools require elevation. The builtin Administrator and domain Administrator account bypass the UAC, by default.
Monday, May 18, 2009 6:08 AM | 1 vote
Hi,
I agree with Brandon, it may be caused by UAC. You can try the steps below to change UAC behavior.
Create a new GPO for administrators and navigate to:
[Computer Configuration/Policies/Windows Settings/Security Settings/Local Settings/Security Options]
Configure the following policy.
User Account Control: Run all administrators in Admin Approval Mode
Configure User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode to "Elevate without prompting".
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
Wednesday, May 20, 2009 6:07 PM
Thanks a lot! I tried making the suggested changes in the Security Options but to no avail. The weird thing is its only the certutil -backupdb command that fails (at least till now). If I do a certutil -cainfo or a certutil -view, it works fine. I don't understand as to why does the backup command fail!
Tuesday, May 26, 2009 3:44 PM
Hi,
Thanks for your advice. I checked the link that you had suggested and followed the specified instructions but to no avail. I still get the exact same error message. Not sure what to try next.
-p
Wednesday, September 9, 2009 4:11 PM | 1 vote
P,
Go the the shortcut for the command prompt in the start menu, right click on it, and launch the command prompt as an administrator. From there, you should be fine. This is an issue related to UAC. So you can either turn UAC off, or deal with needing to run apps as an administrator when the need arises. For programs you frequently need elevated rights to run as an administrator, open the shortcut properties, and on the advanced options, check the option to Run As Administator.
Jeff
Thursday, September 10, 2009 12:23 AM
Elevation is required to run this command.
Brian
Tuesday, August 3, 2010 12:13 AM
If I wanted to run the backupdb from a bat file (to be run daily by Task Scheduler) how do I get this "elevated" privs? Do I just:
- Make sure the destination folder has the CA added with write prives
- have the bat file run as the local machine CA administrator
- Have the security options set to "Run with Higher Privs" on the Task Schedule security options dialog box
Thanks
Sunday, October 14, 2012 1:33 AM
Wow... it took me NINE hours to figure this out.... /d'oh!!