DWORD "State" under that. It seems that it's related to .NET certificate junk but also at least one setting in IE Advanced Settings messes with it. It's a bitmask with the following values...
.NET settings:
Code: Select all
1) Trust the Test Root........................... TRUE 0xA0
2) Use expiration date on certificates........... TRUE -0x100
3) Check the revocation list..................... TRUE -0x200
4) Offline revocation server OK (Individual)..... TRUE 0x400
5) Offline revocation server OK (Commercial)..... TRUE 0x800
6) Java offline revocation server OK (Individual) TRUE 0x1000
7) Java offline revocation server OK (Commercial) TRUE 0x2000
8) Invalidate version 1 signed objects........... TRUE 0x10000
9) Check the revocation list on Time Stamp Signer TRUE -0x20000
10) Only trust items found in the Trust DB........ TRUE 0x40000
IE Advanced Settings:
Code: Select all
Check for publisher's certificate revocation TRUE -0x200
Possible setting defined in WinTrust.h:
Code: Select all
#define WTPF_TRUSTTEST 0x00000020 // trust any "TEST" certificate
#define WTPF_TESTCANBEVALID 0x00000080 // Check any test certificate for validity
I think there are some values that are low, like 0x08 and 0x01, but I'm not sure where to look or what GPOs or settings might be affecting this registry key. Any suggestions?