I have a need to access an RSA private key from a Windows service running under the NT AUTHORITY\SYSTEM account. I'm able to install the private key on the server, and then make use of that key when running as the user that installed the key. However, the key does not seem to be available from the Windows service. Do I need a machine-level key here (which I understand increases the risk of compromise), or is there a way I can install a key specifically intended for use by the SYSTEM account?

A: 

You can do start->run->mmc, load the Certificates snap-in and then choose "Service account" to manage the certificates for a specific service. I am not sure if you can do this for the SYSTEM account. Is this a requirement or are you able to run your service as a custom least privilege account?

zac
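
For the machine-level option raised in the question, here is an added example (not part of the original question or answer) that lists which accounts can read the private key file behind a certificate and flags any account other than SYSTEM and Administrators. It assumes the certificate was imported into `Cert:\LocalMachine\My`, that the key is software-backed, and that the session is elevated; `$Thumbprint` is a placeholder parameter.

```powershell
# Added example: audit who can access a machine-level RSA private key.
# Assumptions: certificate lives in Cert:\LocalMachine\My, key is stored on disk
# (not TPM or smart card), and this runs from an elevated prompt.
param(
    [Parameter(Mandatory)] [string] $Thumbprint   # placeholder: your certificate's thumbprint
)

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"
if (-not $cert.HasPrivateKey) { throw "Certificate has no associated private key." }

# Resolve the key container name for either a CNG or a legacy CSP key.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $container = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $container = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw "Unsupported key type: $($rsa.GetType().FullName)"
}

# Machine keys are files under ProgramData; the folder depends on the provider.
$candidates = @(
    (Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"),
    (Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$container")
)
$keyFile = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file not found; the key may be hardware-backed." }

# Well-known SIDs expected on a key meant only for SYSTEM-level services.
$expected = @('S-1-5-18', 'S-1-5-32-544')   # SYSTEM, BUILTIN\Administrators

$acl   = Get-Acl -LiteralPath $keyFile
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$report = foreach ($rule in $rules) {
    [pscustomobject]@{
        Sid        = $rule.IdentityReference.Value
        Rights     = $rule.FileSystemRights
        Type       = $rule.AccessControlType
        Inherited  = $rule.IsInherited
        Unexpected = ($rule.AccessControlType -eq 'Allow' -and
                      $expected -notcontains $rule.IdentityReference.Value)
    }
}

"Key file: $keyFile"
$report | Format-Table -AutoSize
if ($report | Where-Object Unexpected) {
    Write-Warning "Accounts other than SYSTEM/Administrators can access this key."
}
```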