Custom ADM template for managing “Check for publisher’s certificate revocation” in Internet Explorer


Hi everyone!


We’ve had some requests come in asking for an ADM template that would give Administrators the option to Enable or Disable the “Check for publisher’s certificate revocation” Internet Explorer option.  In any event, here it is.  Simply cut/paste the content below into a file with .ADM extension and then add custom template manually:


CLASS USER
CATEGORY “Windows Components”
CATEGORY “Internet Explorer”
CATEGORY “Internet Control Panel”
CATEGORY “Advanced Page”
POLICY “Check for publisher’s certificate revocation”
KEYNAME “Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing”
EXPLAIN “Custom ADM template to Enable/Disable the IE advanced option, “Check for publisher’s certificate revocation””
PART State DROPDOWNLIST REQUIRED
VALUENAME “State”
ITEMLIST
NAME Enabled VALUE NUMERIC 146432
NAME Disabled VALUE NUMERIC 146944
END ITEMLIST
END PART
END POLICY
END CATEGORY
END CATEGORY
END CATEGORY
END CATEGORY


Please note:  You will need to disable the Group Policy filter option, “Only show policy settings that can be fully managed”, before the custom ADM template policy will be displayed:


image


Well, that’s all for now!


Regards,


The IE Support Team

Comments (8)

  1. Anonymous says:

    Do you know where I can get a custom adm to mange IE 6 & 7 history settings to include temp file settings? Thanks.  

  2. Anonymous says:

    Does this apply to the SYSTEM account as well?

  3. Anonymous says:

    Hmmm…importing the ADM doesn't seem to fly:

    Error on line 20

    Unexpected Keyword:

    Found: CATEGOR

    Expected: CATEGORY

  4. Anonymous says:

    I had a performance problem with IE when it was checking publisher revocation.  It turns out that apparently when the CryptoAPI attempts to discover the WPAD proxy in IE settings, it resolves the hostname to IP address and then uses that instead of the hostname as the host header.  My WPAD IIS server had a unique host header so the queries were failing.  By adding the servers IP address to the list of host headers for the WPAD site, the problems went away.  Seems like a general bug in the way the certificates are verified.

  5. Anonymous says:

    thank you very much ,, worked like a charme!

  6. Anonymous says:

    @ Ytsejamer1:

    I know it's a yoear old but:

    you have to add a blank line at the end to avoid this error

  7. Anonymous says:

    Hi, I have added the adm policy, and yes it is applied (i can see it in the gpresult /r) but when I am checking, in internet explorer, there is nothing changed. The setting “Check for publisher's certificate revocation” is still changeable.

    The DC Server is Windows 2003, domain level is also 2003.

    The client is PC with Windows 7.

    Any clue ?

  8. Anonymous says:

    The policy changes the state to disable or enable, this will not disable the chance to change it at the advance IE options.