Permissions to create CNG key

When I try to create machine-scoped CNG key:

CngKey.Create(CngAlgorithm2.Rsa, "TestKey", new CngKeyCreationParameters
    {
        KeyCreationOptions = CngKeyCreationOptions.MachineKey
    });

I get

System.Security.Cryptography.CryptographicException: Access denied.
   at System.Security.Cryptography.NCryptNative.FinalizeKey(SafeNCryptKeyHandle key)
   at System.Security.Cryptography.CngKey.Create(CngAlgorithm algorithm, String keyName, CngKeyCreationParameters creationParameters)

It works when run as administrator, but I need to do this under AD user account without adding this user to local administrators.

What are the exact permissions that grant the right to create CNG keys and where can they be set?

Solution

Answer found. User should be granted Modify permission on %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\Keys.

Is this declaration UB?
return type defaults to 'int' [-Wimplicit-int]
What is the scope of `fesetround()`?
Which specific optimization flag causes libm functions to be treated as pure?
How to render text in SDL2?
Why would you use 'extern "C++"'?
Strange Behavior Compiler Ignoring NULL Check Unless I Print Something in the if Statement
Fast inverse square root using fixed point instead of floating point
What is the const qualifier attached to in C: the memory area or the pointer?
GCC options for strictest C code?
How to do an explicit fall-through in C
How do compilers treat CONST qualifier when the pointer points to a memory location obtained with malloc()?
C: cmocka headers - how to unittest?
Why in C when I print a double with a one decimal it round it to the next number
Android C to Java SWIG unable to compile: incompatible types: byte cannot be converted to SWIGTYPE_p_uint8_t
GNU Make in Ubuntu giving fatal error: rpc/types.h: No such file or directory
How can I exclude non-numeric keys? CS50 Caesar Pset2
How change every struct in an array of pointers?
Optimized 2x2 matrix multiplication: Slow assembly versus fast SIMD
Simple frame by frame video decoder library
GCC no longer implements <varargs.h>
Contents of IO buffer unknown == unsafe?
Avoiding strcpy overflow destination warning
Sort program not working, not sure why
Fast & accurate atan/arctan approximation algorithm
What's the difference between strtok_r and strtok_s in C?
How memory address for pointer to arrays is same as an element in 2D array?
Which is the best way to suppress "unused variable" warning
How to use ellipsis in c's case statement?
Fast ceiling of an integer division in C / C++