Can't create Always Encrypted CMK in LocalMachine even as local administrator


  • I need to create a CMK in the LocalMachine keystore on SQL Server 2016 Standard (using manual key creation as automatic wizard insists on CurrentUser which is no good). My user account is a Local Administrator, yet I get told by the system that "you do not have the required permissions to create certificates in local machine".

    This can surely not be right?

    I have been tearing my hair out over this issue for two days straight by now and I am in desperate need of assistance!


    Friday, July 6, 2018 1:18 PM

All replies

  • Hi Jnicklasson,

    According to your description, it looks like that you are going to import your certificate to Windows Certificate Store, if any misunderstand, please tell me.

    An mentioned above, you have a local administrator, do you mean that you login the Windows as administrator? An account with administrator permission should have enough permission to Windows Certificate Store. Please try to login with the account Administrator or other account with administrator permission and try again.

    Besides, this problem is more related to Windows, I would suggest you opening a case in Windows Server forum at

    Best Regards,


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact

    Monday, July 9, 2018 5:59 AM