Once KMS has been installed in your organization, you must add
the Key Management server account to every Certificate Services
server that will be issuing certificates to KMS. Then you must
assign the Key Management server manage permissions
on the Certificate Services server. Otherwise, you will not be able
to revoke certificates.
The accounts for every Key Management server must be granted manage
rights on every Certificate Services server that will be issuing
certificates to KMS.
To grant manage rights to the Key Management server:
Start Windows 2000 Certificate Services: On the Start
menu, point to Programs, point to Administrative
Tools, and then click Certification Authority.
Note If Certification
Authority does not appear in your Administrative Tools
menu, Certificate Services has not been installed. For information
on installing Certificate Services, see your Windows 2000
In the console tree, right-click the name of your CA, and then
click Properties. The CA name is determined during
On the Security tab, click Add.
In Select Users, Computers, or Groups, select the
computer name for every Key Management server in your organization,
click Add, and then click OK.
On the Security tab, select the computer names you have
added, and then select the Allow check box, next to
Manage. Selecting this check box will grant your Key
Management servers manage rights.