How to set the group policy "Disable automatic renewal of root certificates" via Registry / PowerShell?

I need to disable the following group policy in Windows 7 programmatically, for example, by modifying the registry key using PowerShell:

"Disable automatic renewal of root certificates"

Does anyone know which registry key to install or disable to make this work?

+7
windows-7 powershell registry group-policy
3 answers

I had a similar problem when I created an application that communicated with the server via HTTPS using two-way SSL.

This caused a delay of a full minute when the initial request was made.

It ran in WinPE, where there was no option to manually click through the local group policy editor. Also, I do not know how to register the root resource in this environment, and it works in an incredibly limited environment, so it cannot access Windows Update (not that it would find our corporate CA there).

The registry value you are looking for is

HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot

DWORD DisableRootAutoUpdate = 1

Source: http://www.group-policy.com/ref/policy/452/Turn_off_Automatic_Root_Certificates_Update

+2
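
The registry value from this answer, set and verified from PowerShell. This is an added example, not code from the answer's author; the function names are hypothetical, and it assumes an elevated session and uses only cmdlets available in PowerShell 2.0 (the Windows 7 default).

```powershell
# Added example. Key path and value name are the ones given in the answer above.
$KeyPath   = 'HKLM:\Software\Policies\Microsoft\SystemCertificates\AuthRoot'
$ValueName = 'DisableRootAutoUpdate'

function Get-RootAutoUpdatePolicy {
    # Returns the current DWORD, or $null when the policy is not configured.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { return [int]$item.$ValueName }
    return $null
}

function Set-RootAutoUpdatePolicy {
    param(
        # $true  -> DisableRootAutoUpdate = 1 (automatic root update turned off)
        # $false -> DisableRootAutoUpdate = 0 (automatic root update left on)
        [Parameter(Mandatory = $true)][bool]$Disabled
    )
    $desired = [int]$Disabled
    $before  = Get-RootAutoUpdatePolicy

    if ($before -ne $desired) {
        # The key is absent on machines where the policy was never configured.
        # Guard with Test-Path so an existing key is not recreated by -Force.
        if (-not (Test-Path -Path $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
                         -Value $desired -Force | Out-Null
    }

    # Read the value back instead of trusting the write.
    $after = Get-RootAutoUpdatePolicy
    if ($after -ne $desired) {
        throw "$ValueName is '$after', expected $desired"
    }
    New-Object PSObject -Property @{
        Before  = $before
        After   = $after
        Changed = ($before -ne $desired)
    }
}

# With automatic update off, trusted roots have to be distributed some other way.
Set-RootAutoUpdatePolicy -Disabled $true
```

On a domain-joined machine, a GPO that configures this setting rewrites the value at the next policy refresh, so call `Get-RootAutoUpdatePolicy` again after `gpupdate /force` to confirm the value held.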

To disable automatic renewal of root certificates using the local group policy editor:

  • Click "Start" and select "Run."
  • Type gpedit.msc and click OK.
  • If the User Account Control dialog box appears, confirm that the action that it displays is what you want, and then click Continue.
  • In the "Computer Configuration" section, double-click "Administrative Templates", double-click "System", double-click "Manage communications over the Internet," and then select "Internet Connection Settings."
  • Double-click "Disable automatic renewal of root certificates", click "Enabled", and then click "OK."
  • Close the local group policy editor.
+1

Domain policies override local settings. That is the way they should work (they would be useless otherwise). If you want the policy to be disabled, disable or delete the policy in Group Policy Management or remove the computer from the domain.

0