ITsVISTA
Information that makes life easier when it comes to installing, managing, and using Windows Vista.
Start About FAQ Blogroll Shop

ITsVISTA KB-Link: KB965500

Certificate store ACL change supportability

You may find a security assessment report that recommends you change the Access Control List (ACL) for ProtectedRoot certificate store in the registry.

Microsoft does not recommend making this change to the ACL for ProtectedRoot certification in the registry.

Changing ACL’s on certificate stores is not supported or tested. Functional impairment can be the result and careful testing for the customer specific situation/effects is recommended.

Controlling the root ca list can be done by GPO and there is no need to modify the ACL’s on the persistency containers to achieve the target. Check the documentation on “Enterprise Trusted Root Certificates”

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx

For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB965500.

Get notified of new posts for FREE via RSS or E-mail

Subscribe to ITsVISTA!

Related Posts