1
我正在写,创建自签名作为管理员,工作正常,但无法作为管理员证书PowerShell脚本:X509Enrollment.CX509PrivateKey创建没有管理员权限
的一段代码,当我调用Create方法失败:
$PrivateKey = New-Object -ComObject X509Enrollment.CX509PrivateKey
$PrivateKey.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
$PrivateKey.KeySpec = 0x1
$PrivateKey.Length = 2048
# set security descriptor
$PrivateKey.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
# key will be stored in local machine certificate store
$PrivateKey.MachineContext = 0x1
# export will be allowed
$PrivateKey.ExportPolicy = 0x1
$PrivateKey.Create()
它抛出这个错误:
Exception calling "Create" with "0" argument(s): "CertEnroll::CX509PrivateKey::Create: Access is denied. 0x80070005
(WIN32: 5)"
At C:\dev\LinoaSSC.ps1:106 char:1
+ $PrivateKey.Create()
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ComMethodTargetInvocation
我应该如何解决或解决这个错误?多谢你们!