New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Least User Privileges #136
Comments
no, there is no such documentation.
which ones? Can you provide specific examples? |
Get-CertificationAuthority returns "IsAccessible"=False which causes any commands leveraging the results returned by this command to fail.
Get-CATemplate returns an error that the specified certification authority is unavailable.
Submit-CertificateRequest fails with a cryptic 'Server' is a ReadOnly Property error.
|
It is a bug. There is an unnecessary check for CA admin permission. |
First issue (certificate template reading) is fixed. I'm investigating second issue and will update the issue when fix it. |
Both issues are now resolved. Fix will be added to next PSPKI release |
Would it be possible to build a pre/beta release module for this? I'm running into this issue and unfortunately don't have access to VS to rebuild the library |
I see you stated you have fixed the issue I am having here but I don't see a link to get the updated cmdlet. As you may know, there is/was no next PSPKI release yet. The paid support version is still 3.7.2 without this fix in it. Are you able to send me the fixed versions? |
Hi @Crypt32, thx for the very handy module and greatly appreciate! |
Fixed in v4.0.0 |
Is there any documentation outlining least user privileges for each cmdlet? I'm finding that many tasks fail to execute if the account does not have "issue and manage certificates" rights on the CA. Is there any way to request a certificate from a CA without needing to grant the account full rights to manage the CA? The account already has read/enroll rights to the template in question.
The text was updated successfully, but these errors were encountered: