Least privileged user

Oct 25, 2016 at 9:20 AM

I'm using PSPKI v3.2.6
I'm trying to retrieve the issued certificates remotely. When I'm doing this with a regular AD user I get this error:

Get-IssuedRequest : Exception calling "GetSchema" with "0" argument(s): "Specified Certification Authority 'XXXXXXXXXX' is unavailable."
At C:\scripts\CertScript.ps1:10 char:76
  • $certarray = Get-CertificationAuthority -ComputerName XXXXXXXXXX | Get-I ...
  • ~~~~~
    • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
    • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-IssuedRequest
The powershell command in question is the following:
Get-CertificationAuthority -ComputerName <CA FQDN> | Get-IssuedRequest -Property UPN,CertificateTemplate

If I'm local admin on the CA machine, this works remotely without problems.
The question is: What are the minimum permissions I should give to my user to make this work?

Thank you,
Oct 25, 2016 at 7:00 PM
You must be granted CA Manger permissions on CA server.
Oct 26, 2016 at 1:03 PM
Thank you, it works.