I was going to encrypt the connection strings in some web.config files on a production server. I followed the instructions in the MSDN Library 'Walkthrough: Encrypting Configuration Information Using Protected Configuration'
http://msdn2.microsoft.com/en-us/library/dtkwfdky.aspx
However when I ran
aspnet_regiis.exe -pa "NetFrameworkConfigurationKey" "NT AUTHORITY\NETWORK SERVICE"
I got the following error:
Adding ACL for access to the RSA Key container...
Could not access the RSA key container. Make sure that the ACLs on the container
allow you to access it.
Failed!
I was running the command under an administrator account, so I expected to have all the access in the world. I used Process Monitor to find out where the problem was: The file
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ d6d986f09a1ee04e24c949879fdb506c_34b3925e-0f96-4fb7-a312-e89b0b98f24a
Seems to have the RSA key and the ACLs of it allowed full access to SYSTEM and one other user that isn’t an administrative account. I added permissions for the Administrators group and now the command worked fine.