There are three access control entries (ACEs) that can be used to control administrative access to an Online Responder; each can be set to Allow or Deny:

  • Read. Defines who can use the Online Responder snap-in to view information about the Online Responder.

  • Manage Online Responder. Defines who can use the Online Responder snap-in to modify the configuration of the Online Responder. These permissions should be granted very selectively.

  • Proxy Requests. Enables an Online Responder Web proxy to submit requests for certificate status to the Online Responder service.

You must have Manage Online Responder permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a public key infrastructure (PKI), see Implement Role-Based Administration.

To modify Online Responder security settings

  1. Open the Online Responder snap-in, right-click the Online Responder that you want to manage, and then click Properties.

  2. Click the Security tab.

  3. Add the user or group that you want to set permissions for, and then select the Allow or Deny check boxes for each ACE.

  4. Click OK.

Additional references

  • Audit Revocation Configuration Changes
  • Manage Revocation Data by Using Local CRLs