Turn off Automatic Root Certificates Update

  • Question

  • I want to turn off Automatic Root Certificates Update, which I feel can be done using Group Policy. But I am not sure what repercussions it is going to have. From the description I realise that if we disable root certificate and

    "If the user is presented with a certificate issued by a root certification authority that is not directly trusted, and the Update Root Certificates component is not installed on the user’s computer, the user will be prevented from completing the action that required authentication"

    From the above statement, I want to know how it is determined whether the certificate issuer is trusted or not, even before checking with the Microsoft website, as that's been turned off.

    Tuesday, March 19, 2013 10:19 AM

Answers

  • How to publish third party root CA with ADCS in the Windows AD domain

    Regards
    Biswajit Biswas
    My Blogs|TechnetWiki Ninja


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    Tuesday, March 19, 2013 11:43 AM
  • By default the o/s now checks in daily with Windows Update.  If you want to turn off the Automatic Windows Certificate Update Service you have to do a registry hack.  We had a lot of problems with this and worked with Microsoft, but the URL below will give you what you want.
    http://technet.microsoft.com/en-us/library/cc734054(WS.10).aspx

    Look for the Paragraph Header

    Turn off Automatic Root Certificates Update

    -- 
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.


    Tuesday, March 19, 2013 11:50 AM
    Moderator
  • If you need more details, please ask them here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads

    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, March 19, 2013 9:26 PM

All replies

  • Run -> MMC -> Add/Remove Snap-in -> Certificates.

    You can check users & computers; see the below snap for users.


    Regards
    Biswajit Biswas
    My Blogs|TechnetWiki Ninja

    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin


    • Edited by bshwjt Tuesday, March 19, 2013 10:40 AM
    Tuesday, March 19, 2013 10:39 AM
  • Thanks, but these are certificates which are already downloaded. What if an application comes with a new certificate, and how is the determination made in that case?

    In short, on what basis are the certificates stored in the Trusted Root Authority?

    • Edited by CVRajesh Tuesday, March 19, 2013 10:45 AM
    Tuesday, March 19, 2013 10:44 AM
  • You can enable a GPO to turn off the Automatic Root Certificates Update:

    • Computer config ->
    • Administrative Templates ->
    • System ->
    • Internet Communication Management ->
    • Internet Communication settings.



    • Edited by baba2k13 Monday, May 12, 2014 7:49 AM
    • Proposed as answer by baba2k13 Monday, May 12, 2014 7:49 AM
    Monday, May 12, 2014 7:48 AM
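
Added example (not from any post in this thread): a PowerShell audit that reports whether Automatic Root Certificates Update is turned off by policy and summarizes the roots the machine already trusts locally, which are what chain validation falls back on when the update is disabled. It assumes the policy is stored as the `DisableRootAutoUpdate` DWORD under the `AuthRoot` policy key shown in the code; the function names and the 90-day threshold are illustrative.

```powershell
# Assumption: the "Turn off Automatic Root Certificates Update" policy is stored
# as DisableRootAutoUpdate (DWORD) under this key; confirm against your ADMX files.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'

function Get-RootAutoUpdateState {
    # Returns a short description of the effective policy state.
    $prop = Get-ItemProperty -Path $PolicyKey -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Not configured (automatic update is on by default)' }
    if ($prop.DisableRootAutoUpdate -eq 1) { return 'Turned off by policy' }
    return 'Explicitly enabled by policy'
}

function Get-LocalRootSummary {
    # Summarizes the machine stores consulted when building a chain to a root.
    param([int]$ExpiryWarningDays = 90)
    $now      = Get-Date
    $deadline = $now.AddDays($ExpiryWarningDays)
    foreach ($store in 'Root', 'AuthRoot') {
        $certs = @(Get-ChildItem -Path "Cert:\LocalMachine\$store")
        [pscustomobject]@{
            Store        = $store
            Count        = $certs.Count
            Expired      = @($certs | Where-Object { $_.NotAfter -lt $now }).Count
            ExpiringSoon = @($certs | Where-Object { $_.NotAfter -ge $now -and $_.NotAfter -lt $deadline }).Count
        }
    }
}

function Get-ExpiringRoots {
    # Lists roots that will stop validating soon; with the update turned off,
    # replacements must be distributed by the administrator (for example via GPO).
    param([int]$ExpiryWarningDays = 90)
    $deadline = (Get-Date).AddDays($ExpiryWarningDays)
    Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\LocalMachine\AuthRoot |
        Where-Object { $_.NotAfter -lt $deadline } |
        Sort-Object NotAfter |
        Select-Object Subject, Thumbprint, NotAfter
}

"Automatic Root Certificates Update: $(Get-RootAutoUpdateState)"
Get-LocalRootSummary | Format-Table -AutoSize
Get-ExpiringRoots    | Format-Table -AutoSize
```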