Policy
Turn off Automatic Root Certificates Update
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP
This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically, a certificate is used when you use a secure website or when you send and receive secure email. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities. If you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer will not contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities. If you disable or do not configure this policy setting, your computer will contact the Windows Update website.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerTurn off access to all Windows Update featuresAt least Windows Server 2003 operating systems, Windows XP Professional Service Pack 1, or Windows 2000 Service Pack 3
- UserTurn off access to the StoreAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerTurn off access to the StoreAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerTurn off downloading of print drivers over HTTPAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- UserTurn off downloading of print drivers over HTTPAt least Windows XP Professional with SP2
- ComputerTurn off Event Viewer "Events.asp" linksAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- ComputerTurn off Help and Support Center "Did you know?" contentAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- ComputerTurn off Help and Support Center Microsoft Knowledge Base searchAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- UserTurn off Help Experience Improvement ProgramAt least Windows Vista
- UserTurn off Help RatingsAt least Windows Vista
- ComputerTurn off Internet Connection Wizard if URL connection is referring to Microsoft.comAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- UserTurn off Internet download for Web publishing and online ordering wizardsAt least Windows Server 2003 operating systems or Windows XP Professional with SP2