Hi!
I have Enterprise CA on AD 2012 R2 level forest. I want to manage it on another server via remote tools.
I create Cert Admins and Cert Managers security groups and grant Manage CA and Issue and Manage certificates permissionsrespectively. I also add my user with standalone rights (non-administrator) to this groups. When I tried to view my CA remotely, I receive "Access denied" error. But when I grant this rights directly to my user, no problems occurred.
My question: WTF?