Windows 10 – Updating Trusted Root Certificates List

Since Windows 8.1, Microsoft changed the way Trusted Root Certificates List (TRCL) get’s updated.

Now, it uses the Windows Update services to do this, and this can be an issue for some enterprises with machines that don’t have Internet access or if you disabled Windows Update in your environment.

Also, if you want to look at this in a different way, it allows you as a SysAdmin to completely control which certificates are allowed or not in your environment.

So, here’s a quick procedure on how you can update that the TRCL without Windows Update enabled:

1. Downloading Updated TRCL
• On a machine with Internet access run the following command:
  certutil –generateSSTFromWU roots.sst
• Then grab that file and create a package with your endpoint management software (ex.: SCCM)
  
  
2. Installing the Updated TRCL
• Now that you have generated your SST file, you just need to import the certificates to your machines.
• For this one, the easiest way is to create a powershell script with the following line:
  $sst_file = (Get-ChildItem –Path C:\roots.sst)
  $sst_file | Import-Certificate –CertStoreLocation Cert:\LocalMachine\Root

And that’s it!

Understanding the Intelligent Edge

Nowadays,with everything evolving at the speed of light, there’s a lot of initials, acronyms and concepts to catch up.

One of the most recent ones is the Intelligent Edge.
In a very very very resumed and simplified way, Intelligent Edge it’s all about the devices, or IoT devices if you like, that connect to the cloud, and the concept itself it’s to bring “intelligence” to this devices so they don’t need to do everything in the cloud and also the ability to make this devices talk to each other without the need of using the Cloud to do it.

Microsoft just launched recently a video from the series “Explanimators” about this: