Peter Gutmann wrote:
> "Timothy J. Miller" <tmiller(_at_)mitre(_dot_)org> writes:
>> The only reliable way to nuke a trusted cert from Windows is touch management
>> of workstations.
>
> It's worse than that, there is no reliable way to remove trusted certs from
> Windows. See Paul Hoffman's analysis at
> http://www.proper.com/root-cert-problem/.

I've corresponded with Paul about that in the past. Root
auto-installation can be disabled, users can be blocked from installing
roots in both the machine and user store (requires domain GPO, IIRC),
and subjectInfoAccess chasing can be disabled (Vista "feature").
Incomplete answer for general users, yes, but it's there nonetheless.

Presumably if you're touch managing workstations for trust anchor
removal you can verify that these settings are all in place. :)

The roots that shouldn't be removed are the ones needed to boot (i.e.,
validate authenticode signatures). That's more than a few in XP.

-- Tim