deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-27 20:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md
xiaoyinl f4bb542824 Update fwlink to use HTTPS 
In this patch, I replaced all occurrences of http://go.microsoft.com with https://go.microsoft.com
2016-08-30 03:02:30 -04:00

64 lines
2.7 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: How to Modify Private Key Permissions to Support Management Server or Streaming Server
description: How to Modify Private Key Permissions to Support Management Server or Streaming Server
author: jamiejdt
ms.assetid: 1ebe86fa-0fbc-4512-aebc-0a5da991cd43
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w8
---
# How to Modify Private Key Permissions to Support Management Server or Streaming Server
To support a more secure App-V installation, you can use the following procedures to modify private keys in either Windows Server 2003 or Windows Server 2008. To modify the permissions of the private key, you can use the Windows Server 2003 Resource Kit tool `WinHttpCertCfg.exe`.
For Windows Server 2003, the procedure requires that a certificate that meets the prerequisites listed in this document is installed on the computer or computers on which you will install the App-V Management or Streaming Server. Additional information about using the `WinHttpCertCfg.exe` tool is available at <https://go.microsoft.com/fwlink/?LinkId=151981>.
In Windows Server 2008, the process of changing the ACLs on the private key is much simpler. The certificates user interface can be used to manage private key permissions.
**Note**  
The default security context is Network Service; however, a domain account can be used instead.
 
**To manage private keys in Windows Server 2003**
1. On the computer that will become the App-V Management or Streaming Server, type the following command in a command prompt to list the current permissions assigned to a specific certificate:
`winhttpcertcfg -l -c LOCAL_MACHINE\My -s Name_of_cert`
2. If necessary, modify the permissions of the certificate to provide read access to the security context that will be used for Management or Streaming Service:
`winhttpcertcfg -g -c LOCAL_MACHINE\My -s Name_of_cert -a NetworkService`
3. Verify that the security context was properly added by listing the permissions on the certificate:
`winhttpcertcfg l c LOCAL_MACHINE\My s Name_of_cert`
**To manage private keys in Windows Server 2008**
1. Create a Microsoft Management Console (MMC) with the *Certificates* snap-in that targets the *Local Machine* certificate store.
2. Expand the MMC and select **Manage Private Keys**.
3. On the **Security** tab, add the **Network Service** account with **Read** access.
## Related topics
[Configuring Certificates to Support App-V Management Server or Streaming Server](configuring-certificates-to-support-app-v-management-server-or-streaming-server.md)
[Configuring Certificates to Support Secure Streaming](configuring-certificates-to-support-secure-streaming.md)
 
 
Reference in New Issue View Git Blame Copy Permalink