Microsoft KB Archive/924033

= You can export a private key from a template that was created without export permission in Windows Server 2003 =

Article ID: 924033

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise x64 Edition




SYMPTOMS
Consider the following scenario in Microsoft Windows Server 2003:
 * You duplicate a certificate template in the Windows Server 2003 enterprise certification authority (CA).
 * You do not select the Allow private key to be exported check box. Note: When this option is not selected, private keys cannot be exported in the network.
 * The new template is added to the list of available templates.
 * During a Web enrollment, another user requests a certificate and selects the new template.

In this scenario, the user can select the Mark keys as exportable check box. When this check box is selected, private keys can be exported. The availability of this check box is not expected.



WORKAROUND
To work around this problem, the user who requests a new certificate must first select a different template and then select the duplicated template. When the user does this, the Mark keys as exportable check box is unavailable. Therefore, private keys cannot be exported.
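
One way to check, on the computer where the certificate was requested, whether an issued certificate's private key was marked exportable. This is an added example, not part of the original article; it assumes Windows PowerShell, certificates in the current user's Personal store, and CSP-backed (CryptoAPI) keys.

```powershell
# Added example, not from the KB article: report which certificates in the
# current user's Personal store have a private key marked exportable.
# Assumes CSP-backed (CryptoAPI) keys; other key types are reported as unknown.

# Extension OIDs that carry the issuing template: v2 template information
# and v1 template name.
$templateOids = '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2'

$report = foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
    # Certificates without a private key have nothing to export.
    if (-not $cert.HasPrivateKey) { continue }

    # Decode the template extension so each key can be tied to its template.
    $ext = $cert.Extensions |
        Where-Object { $templateOids -contains $_.Oid.Value } |
        Select-Object -First 1
    $template = if ($ext) { $ext.Format($false) } else { '(no template extension)' }

    # The exportable flag is a property of the key container on the client.
    $exportable = 'unknown'
    try {
        $info = $cert.PrivateKey.CspKeyContainerInfo
        if ($info) { $exportable = $info.Exportable }
    } catch {
        # Inaccessible keys and non-CSP keys can throw; record the reason.
        $exportable = "unknown ($($_.Exception.Message))"
    }

    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        Template   = $template
        Exportable = $exportable
    }
}

$report | Sort-Object Template | Format-List Template, Subject, Thumbprint, Exportable
```

An entry that shows the duplicated template together with Exportable : True indicates a key that was generated as exportable.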



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Keywords: kbsecurity kbtshoot kbprb KB924033


© Microsoft Corporation. All rights reserved.