When creating a certificate with makecert on Windows Server 2003, I'd have to set the permissions on the private key to be accessible to NETWORK SERVICE so that the private key could be read by the WCF service. I could access the file by navigating to C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys. Once I set read permissions for NETWORK SERVICE, everything worked fine.
I'm looking at Windows Server 2008, and can't find a similar locaiton in C:\Users or anywhere else. What is the proper mechanism for setting permissions to the private key? Where are they located? I'm using makecert to directly install it to TrustedPeople / localmachine