Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/924033

From BetaArchive Wiki
Knowledge Base

You can export a private key from a template that was created without export permission in Windows Server 2003

Article ID: 924033

Article Last Modified on 10/30/2006


  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise x64 Edition


Consider the following scenario in Microsoft Windows Server 2003:

  • You duplicate a certificate template in the Windows Server 2003 enterprise certification authority (CA).
  • You do not select the Allow private key to be exported check box.

Note When this option is not selected, private keys cannot be exported in the network.

  • The new template is added to the list of available templates.
  • During a Web enrollment, another user requests a certificate and selects the new template.

In this scenario, the user can select the Mark keys as exportable check box. When this check box is selected, private keys can be exported. The availability of this check box is not expected.


To work around this problem, the user who requests a new certificate must first select a different template and then select the duplicated template. When the user does this, the Mark keys as exportable check box is unavailable. Therefore, private keys cannot be exported.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Keywords: kbsecurity kbtshoot kbprb KB924033