Certificate hell

For the last few days I've been struggling at work with a vital test server suddnely not being able to import certificates. Something happened to it whilst I was on the train (see earlier post). The something was someone modifying the Default permissions for the MachineKeys folders however the amusing thing was that
1 - They gave SYSTEM extra permissions
2 - When I asked what they did so we could undo it, they only remembered the MachineKeys part of the path and a windows search only showed up
C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys
not the actual
C\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

So the former got reset and funnily enough the server was still crocked. It was only when 'they' remembered it's full path could we fix the problem. The even more galling thing was that although I had discovered the KB article before this and that it does give the required path but I too fixated on the MachineKeys portion - Doh.
Still I learnt an awful lot about things that weren't wrong with the server, and now know more about certificates than I ever really wanted to know.