How to set Group Policy "Turn Off Automatic Root Certificates Update" vie Registry/Powershell?

powershell windows-7 registry group-policy

Erik · Jul 4, 2013 · Viewed 23.1k times · Source

I need to disable the following group policy in Windows 7 programatically, for example by modifying a registry key using Powershell:

"Turn Off Automatic Root Certificates Update"

Does anybody know which registry key needs to be set or unset in order to make this work?

Answer

I had a similar issue when i was creating an application that communicated with a server over HTTPS using two-way SSL.

This was causing a delay of a full minute when the initial request was made

It ran in WinPE where hand clicking through the local group policy editor was not an option. There also is no way I am aware of to register a root authority in this environment and it is running in an incredibly restricted environment so it can not access windows update (not that it would find our corporate CA there anyway).

The registry value you are looking for is

HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot

DWORD DisableRootAutoUpdate = 1

Source: http://www.group-policy.com/ref/policy/452/Turn_off_Automatic_Root_Certificates_Update

How to set Group Policy "Turn Off Automatic Root Certificates Update" vie Registry/Powershell?

Answer

Related questions