I need ordinary FullControl permissions on a private certificate key.
The permissions for the specific users get set, but only special permissions FullControl….
But everything only works if ordinary FullControl permissions are enabled.
```powershell
#variables set here
#get the installed certificate
$certInstalled = Get-ChildItem $path | Where-Object Subject -Like *pyx*
#check if certificate is installed
if ($certInstalled.Subject -eq $fixedCertSubject) #works
{
    $rsaCert = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($certInstalled)
    $fileName = $rsaCert.key.UniqueName
    $path = "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\$fileName"
    #works
    $cert = Get-Acl
    $access_rule1 = New-Object System.Security.AccessControl.FileSystemAccessRule($user1, 'FullControl', 'None', 'None', 'Allow')
    $cert.AddAccessRule($access_rule1)
    $cert.Access | Where-Object IdentityReference -Like $user1
    $access_rule2 = New-Object System.Security.AccessControl.FileSystemAccessRule($user2, 'FullControl', 'None', 'None', 'Allow')
    $cert.AddAccessRule($access_rule2)
    $cert.Access | Where-Object IdentityReference -Like $user2
    $access_rule3 = New-Object System.Security.AccessControl.FileSystemAccessRule($user3, 'FullControl', 'None', 'None', 'Allow')
    $cert.AddAccessRule($access_rule3)
    $cert.Access | Where-Object IdentityReference -Like $user3
    Set-Acl -Path $path -AclObject $cert
}
else
{
    $message="Certificate with Subject:"+$certInstalled.Subject+" does not exist at "+$path
    Write-Host $message -ForegroundColor Red
}
```
Thanks for the help.