How to store extremely sensitive user data in Windows?

How to store extremely sensitive user data in Windows?

I'm working on desktop application, which generates a certificate to
identify user (let's call him Owner) in the future. I'd like to maximally
restrict access to this certificate, but I don't want Owner to enter
password for certificate.
Basically, I want certificate file be only accessible by elevated members
of Administrators group (better, if not, but I suspect it's not possible
otherwise), and my application, when it is running under Owner's account.
Is there any API in Windows to do this? .NET preferred, but not necessary.