
How can I find out what uses a registry key?

Posted: Wed May 09, 2012 5:42 pm
by Scrotos
[HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]

DWORD "State" under that. It seems that it's related to .NET certificate junk but also at least one setting in IE Advanced Settings messes with it. It's a bitmask with the following values...

.NET settings:
 1) Trust the Test Root........................... TRUE  0xA0
 2) Use expiration date on certificates........... TRUE -0x100
 3) Check the revocation list..................... TRUE -0x200
 4) Offline revocation server OK (Individual)..... TRUE  0x400
 5) Offline revocation server OK (Commercial)..... TRUE  0x800
 6) Java offline revocation server OK (Individual) TRUE  0x1000
 7) Java offline revocation server OK (Commercial) TRUE  0x2000
 8) Invalidate version 1 signed objects........... TRUE  0x10000
 9) Check the revocation list on Time Stamp Signer TRUE -0x20000
10) Only trust items found in the Trust DB........ TRUE  0x40000


IE Advanced Settings:
Check for publisher's certificate revocation TRUE -0x200


Possible setting defined in WinTrust.h:
#define WTPF_TRUSTTEST              0x00000020  // trust any "TEST" certificate
#define WTPF_TESTCANBEVALID         0x00000080  // Check any test certificate for validity


I think there are some values that are low, like 0x08 and 0x01, but I'm not sure where to look or what GPOs or settings might be affecting this registry key. Any suggestions?

Re: How can I find out what uses a registry key?

Posted: Wed May 09, 2012 6:33 pm
by bthylafh
regmon?

Re: How can I find out what uses a registry key?

Posted: Wed May 09, 2012 7:19 pm
by Madman
Process Monitor from the Sysinternals suite. It's a free, Microsoft-backed software suite that is a must-have for any software developer.

Re: How can I find out what uses a registry key?

Posted: Wed May 09, 2012 10:49 pm
by Captain Ned
Madman wrote:
Process Monitor from the Sysinternals suite. It's a free, Microsoft-backed software suite that is a must-have for any software developer.

Slight nitpick here. Mark Russinovich and Bryce Cogswell (Damn you, Spacely!!) wrote all of the Sysinternals stuff long before they were assimilated by Microsoft. Essentially, MS realized that the Sysinternals applets fixed so many of the geeky nags inherent in NT-based Windows that they paid off the Sysinternals crew and brought it in-house. MS had no part in the development of these tools.

That said, the Sysinternals stuff is pure gold for those who need to delve into the nitty-gritty of Windows issues. My personal favorites are Autoruns and ProcMon. I do wish they'd update Rootkit Revealer.

Re: How can I find out what uses a registry key?

Posted: Thu May 10, 2012 7:16 am
by just brew it!
Captain Ned wrote:
Madman wrote:
Process Monitor from the Sysinternals suite. It's a free, Microsoft-backed software suite that is a must-have for any software developer.

Slight nitpick here. Mark Russinovich and Bryce Cogswell (Damn you, Spacely!!) wrote all of the Sysinternals stuff long before they were assimilated by Microsoft. Essentially, MS realized that the Sysinternals applets fixed so many of the geeky nags inherent in NT-based Windows that they paid off the Sysinternals crew and brought it in-house. MS had no part in the development of these tools.

Nitpick of your nitpick. Since Microsoft effectively assimilated Sysinternals lock, stock and barrel and now hosts the Sysinternals content and tools, saying that it is "Microsoft-backed" is in fact technically correct, in the same way that it is correct to say that Hotmail, Skype, etc. are Microsoft products even though they were originally developed by third parties.

Re: How can I find out what uses a registry key?

Posted: Thu May 10, 2012 12:52 pm
by Scrotos
Well, procmon is neat but doesn't help. I put in some filters for:

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State

Many iexplore.exe hits when I mess with Advanced settings, but the gist is that it reads the key and sets it to the current setting and then closes the key. Only one setting I've found so far actually sets a different value but I already knew about it. I can see when the GPO gets applied periodically but that just writes a value, doesn't really tell me what value goes with what. The other values I think might be related like these:

Allow software to run or install even if the signature is invalid
Check for server certificate revocation
Check for signatures on downloaded programs

...all check the key and don't write a new value to it, and then go and toggle a specific key in a different place that's particular to that function. So possibly some of the lower value bitmasks were legacy for IE 3.x and earlier? I'd buy that, but I haven't yet found something that shows a deprecated listing or somethin' of that sort.

So it's a handy tool but I don't think it's going to help me divine the values that I don't already know.

Re: How can I find out what uses a registry key?

Posted: Thu May 10, 2012 3:37 pm
by Scrotos
I dunno how to do that. As in, how do I export my current GPO in .adm or .admx format? All I see are ways to write your own and add/remove them.

A bit more info but not much: http://social.technet.microsoft.com/wik ... ogged.aspx

WTPF_TRUSTTEST -Trust any test certificate. 0x00000020
WTPF_TESTCANBEVALID - Check any test certificate for validity. 0x00000080

I'll edit the first post with the "Check any test certificate for validity" bit, I guess.

Re: How can I find out what uses a registry key?

Posted: Thu May 10, 2012 4:29 pm
by Scrotos
So this is kind of where I'm at: http://social.technet.microsoft.com/For ... c9161396a1

Relevant bit:

The point is we are trying to set the following advanced options in IE7 to disabled:

•Check for publisher's certificate revocation
•Check for server certificate revocation
Creating this gpo supposedly should set the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

•default setting (both settings enabled): 0x00023c00 (166432)
•after manually setting both disabled: 0x23e00 (146944)
•after applying the GP preference settings: 0x002c9 (713)


So we do have those two settings set via GPO. I already know that "Check for publisher's certificate revocation" is responsible for the 0x200 difference there. And "Check for server certificate revocation" doesn't affect it. But pushing those out via GPO somehow corrupts the rest of the settings? You end up with 0x2C9?

Is this an MS bug? My solution would be to get rid of those settings via GPO and instead push out the proper registry keys for them, I guess. But it still bugs me that it's setting that funky value.
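To put names on the bits the first post tabulates and to diff the three values quoted from the TechNet thread in the last post (0x23C00, 0x23E00 and 0x2C9), here is an added PowerShell helper. It is not code from this thread or from Microsoft. The flag names and values follow the WTPF_* definitions in the Windows SDK's wintrust.h; the thread itself only quotes WTPF_TRUSTTEST (0x20) and WTPF_TESTCANBEVALID (0x80), so the other nine names are the editor's attribution from that header and should be checked against your own SDK copy. The registry path and value name are the ones the thread gives.

```powershell
# Added example, not code from the thread. Decodes and diffs the WinTrust
# "Software Publishing" State bitmask. Flag names/values follow the Windows
# SDK wintrust.h; the thread only quotes WTPF_TRUSTTEST and WTPF_TESTCANBEVALID,
# the rest are the editor's attribution from that header (assumption, verify).
# A set "IGNORE" bit means the corresponding check is turned OFF, which is why
# the first post writes those rows with a leading minus sign.

$WtpfFlags = [ordered]@{
    0x00000020 = 'WTPF_TRUSTTEST            trust any "TEST" certificate'
    0x00000080 = 'WTPF_TESTCANBEVALID       check any test certificate for validity'
    0x00000100 = 'WTPF_IGNOREEXPIRATION     set = do NOT use expiration date on certificates'
    0x00000200 = 'WTPF_IGNOREREVOKATION     set = do NOT check the revocation list'
    0x00000400 = 'WTPF_OFFLINEOK_IND        offline revocation server OK (individual)'
    0x00000800 = 'WTPF_OFFLINEOK_COM        offline revocation server OK (commercial)'
    0x00001000 = 'WTPF_OFFLINEOKNBU_IND     offline OK, no bad UI (individual)'
    0x00002000 = 'WTPF_OFFLINEOKNBU_COM     offline OK, no bad UI (commercial)'
    0x00010000 = 'WTPF_VERIFY_V1_OFF        invalidate version 1 signed objects'
    0x00020000 = 'WTPF_IGNOREREVOCATIONONTS set = do NOT check revocation on the timestamp signer'
    0x00040000 = 'WTPF_ALLOWONLYPERTRUST    only trust items found in the personal trust DB'
}

# Mask of every bit we can name; anything outside it is reported as unknown
# rather than silently dropped (the 0x2C9 value below carries such bits).
$KnownMask = 0
foreach ($e in $WtpfFlags.GetEnumerator()) { $KnownMask = $KnownMask -bor $e.Key }

function ConvertFrom-WinTrustState {
    # One output line per set flag, plus a line for bits wintrust.h does not define.
    param([Parameter(Mandatory)][long]$State)
    foreach ($e in $WtpfFlags.GetEnumerator()) {
        if (($State -band $e.Key) -ne 0) { '  0x{0:X5}  {1}' -f $e.Key, $e.Value }
    }
    $unknown = $State -band (-bnot $KnownMask)
    if ($unknown -ne 0) { '  0x{0:X5}  (bits not defined in wintrust.h)' -f $unknown }
}

function Compare-WinTrustState {
    # Lists which named bits flip between two State values, and in which direction.
    param([Parameter(Mandatory)][long]$Before, [Parameter(Mandatory)][long]$After)
    $changed = $Before -bxor $After
    foreach ($e in $WtpfFlags.GetEnumerator()) {
        if (($changed -band $e.Key) -ne 0) {
            $dir = if (($After -band $e.Key) -ne 0) { 'SET  ' } else { 'CLEAR' }
            '  {0} 0x{1:X5}  {2}' -f $dir, $e.Key, $e.Value
        }
    }
    $unknown = $changed -band (-bnot $KnownMask)
    if ($unknown -ne 0) { '  ????  0x{0:X5}  (undefined bits changed)' -f $unknown }
}

function Get-WinTrustState {
    # Reads the live per-user value the thread is watching in ProcMon. REG_DWORD
    # comes back as Int32, so mask to 32 bits in case a high bit is ever set.
    # Throws if the key or value is absent, which is itself worth knowing.
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
    $value = (Get-ItemProperty -Path $path -Name State -ErrorAction Stop).State
    [long]$value -band 0xFFFFFFFF
}

# The three values quoted from the TechNet thread in the last post (constructed
# input for this example; no registry access needed to run this part).
$Default   = 0x23C00   # both IE revocation options enabled
$ManualOff = 0x23E00   # "Check for publisher's certificate revocation" unticked by hand
$ViaGPP    = 0x2C9     # what the Group Policy Preference left behind

foreach ($s in $Default, $ManualOff, $ViaGPP) {
    "State = 0x{0:X5} ({0})" -f $s
    ConvertFrom-WinTrustState -State $s
}
"Manual toggle vs default:"; Compare-WinTrustState -Before $Default -After $ManualOff
"GPP result vs default:";    Compare-WinTrustState -Before $Default -After $ViaGPP

# Same diff against the live key, e.g. around a gpupdate /force:
#   $before = Get-WinTrustState
#   ... apply or refresh policy ...
#   Compare-WinTrustState -Before $before -After (Get-WinTrustState)
```

Run against the thread's numbers, the manual toggle shows exactly one change, 0x200 (WTPF_IGNOREREVOKATION) being set, which matches the "0x200 difference" the poster already found. The GPP result is a different animal: relative to the default it clears all four offline-OK bits and the timestamp-signer bit, sets 0x80 (WTPF_TESTCANBEVALID) alongside 0x200, and leaves 0x49 in bits wintrust.h does not name. That is the concrete shape of "corrupts the rest of the settings", and the same Compare call wrapped around a policy refresh on a test box is a quicker way to catch which write does it than reading ProcMon's stream of read-then-rewrite events.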