What are the minimum required Root and Intermediate Certificates too Boot and driver signing?
I am considering removing as many CA certificates as possible from my installation ( http://security.stackexchange.com/q/2268/396 )
What are the minimum amount of root certs I need to boot my PC/Server?
June 2nd, 2012 10:20am
Hello,
for Security please use the following forum
http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
June 2nd, 2012 11:55am
I am considering removing as many CA certificates as possible from my installation ( http://security.stackexchange.com/q/2268/396 )
What are the minimum amount of root certs I need to boot my PC/Server?
Is the accepted answer there correct?
June 2nd, 2012 7:09pm
You should consider to close the link and continue your work. Even if you delete them, they will be installed back, once they are requested. This is because a copy of all certificates is stored in Crypt32.dll library and Windows Update.
And if any of the CA become compromised, Microsoft will immediately react appropriately (publishes updated root list via windows update).My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
June 3rd, 2012 5:45am
You should consider to close the link and continue your work. Even if you delete them, they will be installed back, once they are requested. This is because a copy of all certificates is stored in Crypt32.dll library and Windows Update.
And if any of the CA become compromised, Microsoft will immediately react appropriately (publishes updated root list via windows update).My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
June 3rd, 2012 5:53am
Suppose I only want these certificates to be in my store: http://support.microsoft.com/?id=293781
How can I disable the automatic installation of those certs Vadims Podans?
Also, respectfully, I don't think Vadims understands why I'm removing the certificates. Please see all the many other examples int he original link ( http://security.stackexchange.com/q/2268/396 )
that describe how one CA compromise can affect the entire computer, even to sites I own.
Free Windows Admin Tool Kit Click here and download it now
June 3rd, 2012 8:56pm
Hi,
Trusted Root Certification Authorities: Implicitly trusted CAs. Includes all of the certificates in the Third-Party Root CAs store plus root certificates from your organization and Microsoft.
The KB you provide about Trusted root certificates that are required are related to may limit functionality of the operating system or may cause the computer to fail.
Hope this helps!
Best Regards
Elytis Cheng
TechNet Subscriber Support
If you are
TechNet Subscription user and have any
feedback on our support quality, please send your feedback here.Elytis Cheng
TechNet Community Support
June 4th, 2012 3:20am