none
Updating Trusted Root Certificates for New Win 10 Gold Image RRS feed

  • Question

  • Hey All,

    Building a new Win 10 Enterprise image and I'm confused about the lack of Trusted Root Certificates in my Certificates (Local computer Store)

    I happen to have a Win 10 Home Laptop we are testing and it contains "43" Trusted Root Certificates

    (Pic removed due to Body text cannot contain images or links until we are able to verify your account.)

    Yet my Win 10 Enterprise 1703 which is up to date with Windows Updates Only contains "15" certificates

    (Pic removed due to Body text cannot contain images or links until we are able to verify your account.)

    And, reading through older threads in regards to Windows 7 - they talk about updating your store manually - https://support.microsoft.com/en-us/help/2813430/an-update-is-available-that-enables-administrators-to-update-trusted-a

    When I did that on some of our production machines - it increased the certificates in the local computer Trusted Root to over "370" 

    (Pic removed due to Body text cannot contain images or links until we are able to verify your account.)

    My questions are

    1.  Why does Win 10 Home have more then Win 10 Ent?
    2.  Why do the documents not mention Windows 10??  Is there a proper way to update this?
    3.  I'm thinking about just going the manual update route via this link - https://community.spiceworks.com/topic/584022-missing-or-invalid-root-certificates-on-windows-7-64bit

    Any downside to me doing it in my golden image?

    Many thanks in advance!


    Thursday, July 20, 2017 6:43 PM

All replies

  • For number of Trusted Root Certificates, we don’t need to care about it, different computers have different numbers of Trusted Root Certificates, this number depends on installed updates and software, we just need to make sure system connects the Windows Update server, and Windows will get the latest CTL automatically.

    Look at my three Windows 10 machine, one is 1511, others are 1703, all of them are up to date, but they have different numbers of certificates.

    So, if you want to create a clean Windows image, you don’t need to care the number of Trusted Root Certificates, certificates will be downloaded automatically during update, what you need to care is just GPOs configurations.

    https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx

    if you want to install Trusted Root Certificate manually, please refer to this link

    https://www.kapilarya.com/how-to-install-trusted-root-certificate-in-windows-10

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 21, 2017 3:17 AM
    Moderator
  • Would you mind letting me know the update of the problem? If you need further assistance, feel free to let me know. I will be more than happy to be of assistance.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 27, 2017 8:25 AM
    Moderator