Showing results for 
Show  only  | Search instead for 
Did you mean: 


Windows Server 2012 requires the publishing user to be a local administrator which causes a failure to sign error on users without this privilege. This article provides alternative methods to solve this problem.


You may find that some users are able to publish packages to WSUS and others aren't even if those users are publishing from the same machine. In this case, both users have proper disk permissions on WSUS and are members of the WSUS Administrators group.


Windows Server 2012 requires a user to be a local admin in order to publish packages to WSUS in addition to being a WSUS administrator.


There are two paths to resolution. The first would be to make the user in question a local administrator on your WSUS Server. If this isn't an option, then you'll need to take the second path which is a workaround.


The workaround:

Change the ownership of HKEY_CLASSES_ROOT\AppID\{8F5D3447-9CCE-455C-BAEF-55D42420143B} to Administrators. Change the permission on that key. Make sure Administrators and System have full control on that()

1. Launch Dcomcnfg.exe in elevated mode.

2. Select Component Services / Computers / My Computer / Dcom Config / WSusCertServer

3. Press Right Click and select Properties.

4. WSusCertServer Properties dialog will show up, and click on the Security tab.

5. Set Launch and Activation Permissions and Access Permissions like the following examples: 


6. Restart WSusCertServer service (net stop/net start)

Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Sep 25, 2019 06:52 PM
Updated by: