From 6ef267bc108ea6dcfc958da281b51baf30a93078 Mon Sep 17 00:00:00 2001
From: Jason Stephenson <jstephenson@mimecast.com>
Date: Wed, 25 Mar 2020 15:12:20 +0000
Subject: Issue-4875: Explicitly request RW permissions or the Group Policy and
 Enterprise physical stores will fail with ACCESS_DENIED

---
 src/ca/scacertexec.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/ca/scacertexec.cpp b/src/ca/scacertexec.cpp
index 3864659f..ff87f485 100644
--- a/src/ca/scacertexec.cpp
+++ b/src/ca/scacertexec.cpp
@@ -175,7 +175,7 @@ static HRESULT ExecuteCertificateOperation(
     }
 
     // Open the right store.
-    hCertStore = ::CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, dwStoreLocation, pwzStore);
+    hCertStore = ::CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, dwStoreLocation | CERT_STORE_MAXIMUM_ALLOWED_FLAG, pwzStore);
     MessageExitOnNullWithLastError(hCertStore, hr, msierrCERTFailedOpen, "Failed to open certificate store: %ls", pwzStore);
 
     if (SCA_ACTION_INSTALL == saAction) // install operations need more data
-- 
cgit v1.2.3-55-g6feb