i'd like to allow "power" users on our network team to obtain certs for routers, switches, waps, etc... i've added these accounts to the local iis_iusrs group on the ca with the ndes role services, but they receive the "you do not have sufficient permissions to enroll with scep" message when they browse the /certsrv/mscep_admin page. what am i missing? permissions in the ca, on the ra certs, or iis?
↧