Specifies whether to automatically update root certificates using the Windows Update Web site.
Typically, a certificate is used when you use a secure Web site or when you send and receive secure e-mail. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities.
If you enable this setting, when you are presented with a certificate issued by an untrusted root authority your computer will not contact the Windows Update web site to see if Microsoft has added the CA to its list of trusted authorities.
If you disable or do not configure this setting, your computer will contact the Windows Update Web site.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Microsoft\SystemCertificates\AuthRoot |
Value Name | DisableRootAutoUpdate |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |