Permissions to Manage Certificate Authority Windows Server 2016

In this blog post, I’ll show you how to set permissions to manage a certificate authority on Windows Server 2016.

One of the good things about the Windows Server 2016 CA is that it comes with the ability to assign management permissions to users who are not Domain Admins.

About Certificate Authority

A Windows Enterprise CA server is a domain-joined server that issues trusted digital certificates to clients and servers on the network.

Once the Enterprise CA issues a certificate to a web server, that web server becomes trusted by all the computers in the domain automatically.

The most common use of certificates is for Web Servers and Web Services that use HTTPS.

Permissions to Manage Certificate Authority Windows Server 2016

In my case, I’ll give the user David Azure permission to manage the CA and issue certificates to computers and users.

To assign permissions, I’m using the CA management console -> Right Click -> Properties -> Security tab.

On the Security tab, we can see all the available permissions that we can assign to users; in my case, I’ll click Add and find David in AD.

I’ll click OK

And from the Permissions panel, I’ll tick the boxes:

  • Issue and Manage Certificates
  • Manage CA
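
To check the result of the steps above, or to review who already holds these rights, the following added example (not part of the original post) reads the CA's security descriptor and lists each principal's CA permissions. It assumes an elevated PowerShell session on the CA server itself and that the descriptor is stored in the `Security` value under the CertSvc configuration key in the registry.

```powershell
# Added example: list who holds which permission on the local CA.
# Assumption: run in an elevated session on the CA server itself.

# CA access-mask bits (certsrv.h) and their labels on the Security tab
$caRights = @(
    @{ Bit = 0x001; Name = 'Manage CA' }
    @{ Bit = 0x002; Name = 'Issue and Manage Certificates' }
    @{ Bit = 0x100; Name = 'Read' }
    @{ Bit = 0x200; Name = 'Request Certificates' }
)

# The CA stores its security descriptor as a binary registry value
$configKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName    = (Get-ItemProperty -Path $configKey -Name Active).Active
$sdBytes   = (Get-ItemProperty -Path (Join-Path $configKey $caName) -Name Security).Security
$sd        = [System.Security.AccessControl.RawSecurityDescriptor]::new($sdBytes, 0)

$report = foreach ($ace in $sd.DiscretionaryAcl) {
    if ($ace -isnot [System.Security.AccessControl.KnownAce]) { continue }

    # Show the account name when the SID resolves, otherwise the raw SID
    try   { $who = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $who = $ace.SecurityIdentifier.Value }

    $held = $caRights | Where-Object { $ace.AccessMask -band $_.Bit } | ForEach-Object { $_.Name }

    [pscustomobject]@{
        Principal  = $who
        AceType    = $ace.AceType
        Rights     = $held -join ', '
        # True when the ACE carries Manage CA or Issue and Manage Certificates
        Management = [bool]($ace.AccessMask -band 0x003)
    }
}

$report | Sort-Object Management -Descending | Format-Table -AutoSize -Wrap
```

After the change described in this post, the account that was added should be listed with both management rights and `Management` set to `True`.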


I recommend using the CA permissions option if you need to give non-admin users permission to manage the CA.

When it comes to adding users to the Domain Admins group, I always recommend giving that membership to full-time administrators and engineers.
