Compartilhar via


Custom ADM template for managing “Check for publisher's certificate revocation” in Internet Explorer

Hi everyone!

We’ve had some requests come in asking for an ADM template that would give Administrators the option to Enable or Disable the “Check for publisher's certificate revocation” Internet Explorer option.  In any event, here it is.  Simply cut/paste the content below into a file with .ADM extension and then add custom template manually:

CLASS USER
CATEGORY "Windows Components"
CATEGORY "Internet Explorer"
CATEGORY "Internet Control Panel"
CATEGORY "Advanced Page"
POLICY "Check for publisher's certificate revocation"
KEYNAME "Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing"
EXPLAIN "Custom ADM template to Enable/Disable the IE advanced option, “Check for publisher's certificate revocation”"
PART State DROPDOWNLIST REQUIRED
VALUENAME "State"
ITEMLIST
NAME Enabled VALUE NUMERIC 146432
NAME Disabled VALUE NUMERIC 146944
END ITEMLIST
END PART
END POLICY
END CATEGORY
END CATEGORY
END CATEGORY
END CATEGORY

Please note:   You will need to disable the Group Policy filter option, “Only show policy settings that can be fully managed”, before the custom ADM template policy will be displayed:

image

Well, that’s all for now!

Regards,

The IE Support Team

Comments

  • Anonymous
    October 23, 2009
    Do you know where I can get a custom adm to mange IE 6 & 7 history settings to include temp file settings? Thanks.  
  • Anonymous
    February 03, 2010
    Does this apply to the SYSTEM account as well?
  • Anonymous
    June 22, 2010
    The comment has been removed
  • Anonymous
    August 31, 2010
    I had a performance problem with IE when it was checking publisher revocation.  It turns out that apparently when the CryptoAPI attempts to discover the WPAD proxy in IE settings, it resolves the hostname to IP address and then uses that instead of the hostname as the host header.  My WPAD IIS server had a unique host header so the queries were failing.  By adding the servers IP address to the list of host headers for the WPAD site, the problems went away.  Seems like a general bug in the way the certificates are verified.
  • Anonymous
    January 31, 2011
    thank you very much ,, worked like a charme!
  • Anonymous
    June 13, 2011
    The comment has been removed
  • Anonymous
    June 22, 2011
    Hi, I have added the adm policy, and yes it is applied (i can see it in the gpresult /r) but when I am checking, in internet explorer, there is nothing changed. The setting “Check for publisher's certificate revocation” is still changeable.The DC Server is Windows 2003, domain level is also 2003.The client is PC with Windows 7.Any clue ?
  • Anonymous
    August 30, 2011
    The policy changes the state to disable or enable, this will not disable the chance to change it at the advance IE options.