JSI Tip 10146. The 'Turn off Automatic Root Certificates Update' policy does not appear in the Rsop.msc tool on a computer that is running Windows XP Professional SP2 or Windows Server 2003 SP1?

When you enable the Turn off Automatic Root Certificates Update policy on one of the subject operating systems, the Turn off Automatic Root Certificates Update does not appear in Rsop.msc (Resultant Set of Policy).

To workaround this behavior, an Administrator can:

1. Open a CMD.EXE window.

2. Type Gpresult /z>"%TEMP%\RSopFail.txt" and press Enter.

3. Type notepad "%TEMP%\RSopFail.txt" and press Enter.

4. Locate the following:

For Windows Server 2003 with SP1:

                GPO: Local Group Policy
                KeyName:     Software\policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate
                Value:       1, 0, 0, 0
                State:       Enabled

For Windows XP Professional SP2:

                GPO: Local Group Policy
                Setting:  Software\Policies\Microsoft\SystemCertificates\AuthRoot
                State:    Enabled

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.