I need to create a new, custom Application Policy and assign it to a certificate template. I am logged in as an account which has Full Control on the OID container underneath the Public Key Services container in AD.
If I try to create the custom Application Policy via the Certificate Templates snap-in, I receive: "Windows could not save the new application policy name. Insufficient access rights to perform the operation."
I also tried the Register-ObjectIdentifier PowerShell cmdlet (Source). This returns: Exception calling "Register" with "6" argument(s): "Access is denied"
There is very little documentation on this from Microsoft themselves, but according to Vadims Podans, as long as you have permissions to write to the OID container in AD, you should be able to do this.
Any thoughts?
I had this same issue, and just figured out a solution. Make sure that you not only have full permissions on the OID container, but on all descendants as well. If you go to the properties of the OID container -> Security -> Advanced, then select your user group and "special permissions", you can edit it to apply to "this object and all descendants." After making that change, I was able to create the application.
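
The permission scope described in the answer can also be checked from PowerShell. This is an added example, not part of the original posts: it assumes the ActiveDirectory RSAT module is installed, and `CONTOSO\PKI-Admins` is a placeholder for the user or group that was granted rights.

```powershell
# Added example: audit how far an identity's rights on the PKI OID container reach.
# Assumptions: ActiveDirectory module (RSAT) is available; $Identity is a placeholder.
Import-Module ActiveDirectory

$Identity = 'CONTOSO\PKI-Admins'   # placeholder: the account or group you delegated to

# The OID container lives in the forest-wide Configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$oidDn    = "CN=OID,CN=Public Key Services,CN=Services,$configNC"

# Explicit and inherited Allow ACEs for the identity on the container itself.
$acl  = Get-Acl -Path "AD:\$oidDn"
$aces = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $Identity -and $_.AccessControlType -eq 'Allow'
}
if (-not $aces) {
    Write-Warning "No Allow ACEs for $Identity on $oidDn"
    return
}
$aces | Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType, IsInherited |
    Format-Table -AutoSize

# InheritanceType 'None' corresponds to "This object only" in the GUI;
# 'All' corresponds to "This object and all descendant objects".
$fullControl = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$reachesDescendants = $aces | Where-Object {
    $_.InheritanceType -eq 'All' -and
    $_.InheritedObjectType -eq [guid]::Empty -and
    ($_.ActiveDirectoryRights -band $fullControl) -eq $fullControl
}
if ($reachesDescendants) {
    Write-Output "Full Control for $Identity applies to the container and all descendants."
} else {
    Write-Warning "Full Control for $Identity does not propagate to descendant objects."
}

# Child objects with inheritance disabled will not receive the ACE even when
# it is scoped to descendants, so list any that block inheritance.
Get-ADObject -SearchBase $oidDn -SearchScope OneLevel -Filter * | ForEach-Object {
    $childAcl = Get-Acl -Path "AD:\$($_.DistinguishedName)"
    if ($childAcl.AreAccessRulesProtected) {
        Write-Warning "Inheritance is disabled on $($_.DistinguishedName)"
    }
}
```

The script only reads ACLs, so it can be run before and after changing the scope in the Advanced Security dialog to confirm the result.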