We have a scenario where we import a Web Server certificate of ServerA into the Local Computer store of ServerB on either a Windows Server 2008 or Windows Server 2003 operating system and once our Group Policies run the certificate gets moved to the Current User \ Personal \ Certificates store. It's quite bizzare. This certificate was created based on a Web Server template that was made by copying the default Web Server template. Then it was issued to ServeA via auto enrollment. It works great on ServerA, it only does this weird thing on ServerB. The certificate was exported from ServerA using the PKCS #12 .pfx file format including the certificate chain and the private key. Though we have exported it again using the same format without the chain and again with the same format without the chain and without the private key. All give the same results. Once we run GPUPDATE the certificate is automatically moved to the user store. We did not make any domain policies to do this. Our consultants/developers need this setup for their mutual authentication, is what I am being told. Has anyone seen this behaviour? Could you try to re create it perhaps?