Removing certificate from GPO prompts warning: "Deleting system root certificates might prevent some Windows..."

SenhorDolas 1,321 Reputation points
2024-07-02T16:40:35.37+00:00

Hi

This is a GPO to deploy the SCCM WSUS certificates for 3rd party apps to install on clients.

These are 2 x certs, same cert is deployed to Trusted Root Cert Auth and Trusted Publishers stores.

The cert has been reissued and the new one is already on all clients, now we need to remove the GPO setting that is enforcing the old superseded certificate.

When doing a delete I get this warning... see pic

User's image

thanks

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,595 questions
0 comments No comments
{count} votes

Accepted answer
  1. Yanhong Liu 14,005 Reputation points Microsoft Vendor
    2024-07-03T06:12:09.3+00:00

    Hello,

    Thank you for posting in Q&A forum.

    When you need to remove an old, superseded certificate from a Group Policy Object (GPO), you will indeed encounter a warning message stating that "Removing system root certificates may prevent some Windows features from functioning properly." This warning appears because the Windows operating system relies on a set of pre-established trusted root certificates to ensure the integrity and security of system components, updates, and services. Removing any of these certificates may cause the system to fail to properly verify signatures, thus affecting system stability and security.

    However, in your case, since the new certificate has been successfully deployed and has overwritten the functionality of the old certificate, it is safe to proceed. But make sure you have backups and that the new certificate is in effect and working properly on all clients, just in case.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.