Disable trust of third-party root CAs for a Windows Server 2003 domain
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To disable trust of third-party root CAs for a Windows Server 2003 domain
Open the Group Policy object that you want to edit.
In the console tree, right-click Trusted Root Certification Authorities, and click Properties.
Where?
- Policy Object Name/Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities
In Client computers can trust the following certificate stores, select the Enterprise Root Certification Authorities option.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open a Group Policy object, see Related Topics.
This procedure does not apply to Local Policy objects.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
See Also
Concepts
Managing trust of third-party certification authorities
Certificate stores
Managing trust of user-selected certification authorities
Group Policy