Win2K3 Server GetPrivateKeyFile
File Details
Downloads: 836
File Size: 3.2kB
Posted By: joe
Views: 1347
Date Added: Fri, Jun 04 2010

This tool helps you find the private key file for a certificate installed in the local machine store's "Personal" container, which is where you would typically have your SSL and token-signing certificates installed. Unlike IIS, ADFS itself will NOT work unless your ADFS app pool identity has read access to this file! By default, your app pool runs as Network Service, and also by default, only SYSTEM and Administrators have read access to private keys. Therefore, you typically need to change something in order to get a working configuration in ADFS v1x. The best thing to do is NOT to run your app pool as SYSTEM but instead to give Network Service read access to your private key file. This utility makes that easy. You select the certificate, it opens the Windows Explorer property page for the private key file, and you change the ACL in the GUI. Love it! Thanks to Dominick Baier for writing the original version and posting it on his blog, www.leastprivilege.org.
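
The same steps done by hand, as an added Windows PowerShell example (not the GetPrivateKeyFile tool's code and not from the original page). It assumes a CAPI (CSP) RSA key and takes the thumbprint of your own certificate as a parameter; without `-Grant` it only reports the key file path and its current ACL.

```powershell
# Added example: locate the private key file behind a LocalMachine\My certificate,
# show who can read it, and optionally grant Network Service read access.
# Assumptions: Windows PowerShell 2.0+ on .NET Framework, run elevated,
# and a CAPI (CSP) RSA key. CNG keys are stored elsewhere and are not handled.
param(
    [Parameter(Mandatory = $true)][string]$Thumbprint,  # thumbprint of your certificate
    [switch]$Grant                                       # omit to report only
)

# Find the certificate in the local machine "Personal" store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate has no associated private key" }

# The unique key container name is the file name of the key on disk.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName

# Machine keys live under the common application data folder
# (Documents and Settings\All Users\Application Data on Server 2003).
$appData = [Environment]::GetFolderPath('CommonApplicationData')
$keyFile = Join-Path (Join-Path $appData 'Microsoft\Crypto\RSA\MachineKeys') $container
if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

Write-Output "Private key file: $keyFile"

# Current ACL: by default only SYSTEM and Administrators are listed.
$acl = Get-Acl $keyFile
$acl.Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

if ($Grant) {
    # Read only: the app pool identity needs to use the key, not manage it.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        'NT AUTHORITY\NETWORK SERVICE', 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    Write-Output "Granted Read to NT AUTHORITY\NETWORK SERVICE"
}
```

Run it once without `-Grant` to confirm the path and existing entries, then again with `-Grant` and recheck the ACL output.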