Cannot create self-signed SSL certificate with IIS 7

Check the permissions on the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder. On my domain joined W2k8 member server the permissions are set like so:

Everyone
List folder / read data
Read attributes
Read extended attributes
Create files /write data
Create folders / append data
Write attributes
Write extended attributes
Read permissions
This folder only

SERVER\Administrators Full Control This folder only

No inheritance 

Additionally, all of the files in this folder have their own permissions. You may want to see if your self signed cert is being created and deleted when the access denied error appears.

Did you run the IIS7 snapin as Administrator? If you right click on the IIS7 icon and click on "Run as Administrator" it should work.

Have you tried using the Administrator user account? I know sometimes that even though I may be using an administrative account, Windows wants the Administrator for performing certain operations.

One example that I have encountered with that scenario was running adprep on a domain controller so that I could join a Windows Server 2008 R2 box to the domain. No matter that I was an Enterprise Admin, it would not let me with my account. I had to Run As Administrator.