I am considering removing as many CA certificates as possible from my installation ( http://security.stackexchange.com/q/2268/396 ) What are the minimum amount of root certs I need to boot my PC/Server?

Hello, for Security please use the following forum http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

I am considering removing as many CA certificates as possible from my installation ( http://security.stackexchange.com/q/2268/396 ) What are the minimum amount of root certs I need to boot my PC/Server? Is the accepted answer there correct?

You should consider to close the link and continue your work. Even if you delete them, they will be installed back, once they are requested. This is because a copy of all certificates is stored in Crypt32.dll library and Windows Update. And if any of the CA become compromised, Microsoft will immediately react appropriately (publishes updated root list via windows update).My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki

You should consider to close the link and continue your work. Even if you delete them, they will be installed back, once they are requested. This is because a copy of all certificates is stored in Crypt32.dll library and Windows Update. And if any of the CA become compromised, Microsoft will immediately react appropriately (publishes updated root list via windows update).My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki

Suppose I only want these certificates to be in my store: http://support.microsoft.com/?id=293781 How can I disable the automatic installation of those certs Vadims Podans? Also, respectfully, I don't think Vadims understands why I'm removing the certificates. Please see all the many other examples int he original link ( http://security.stackexchange.com/q/2268/396 ) that describe how one CA compromise can affect the entire computer, even to sites I own.

Hi, Trusted Root Certification Authorities: Implicitly trusted CAs. Includes all of the certificates in the Third-Party Root CAs store plus root certificates from your organization and Microsoft. The KB you provide about Trusted root certificates that are required are related to may limit functionality of the operating system or may cause the computer to fail. Hope this helps! Best Regards Elytis Cheng TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Elytis Cheng TechNet Community Support