How to set Group Policy "Turn Off Automatic Root Certificates Update" vie Registry/Powershell?

Erik picture Erik · Jul 4, 2013 · Viewed 23.1k times · Source

I need to disable the following group policy in Windows 7 programatically, for example by modifying a registry key using Powershell:

"Turn Off Automatic Root Certificates Update"

Does anybody know which registry key needs to be set or unset in order to make this work?

Answer

JoshHetland picture JoshHetland · Feb 19, 2014

I had a similar issue when i was creating an application that communicated with a server over HTTPS using two-way SSL.

This was causing a delay of a full minute when the initial request was made

It ran in WinPE where hand clicking through the local group policy editor was not an option. There also is no way I am aware of to register a root authority in this environment and it is running in an incredibly restricted environment so it can not access windows update (not that it would find our corporate CA there anyway).

The registry value you are looking for is

HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot

DWORD DisableRootAutoUpdate = 1

Source: http://www.group-policy.com/ref/policy/452/Turn_off_Automatic_Root_Certificates_Update