GPO, SRP, Windows Server 2012.

%3CLINGO-SUB%20id%3D%22lingo-sub-202024%22%20slang%3D%22en-US%22%3EGPO%2C%20SRP%2C%20Windows%20Server%202012.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-202024%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Guys%2C%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20answer%20some%20questions%20on%20Software%20Restriction%20Policies%20that%20I%20have.%20Form%20this%20link%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fprevious-versions%2Fwindows%2Fit-pro%2Fwindows-server-2012-R2-and-2012%2Fhh994597(v%253dws.11)%23set-trusted-publisher-options%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fprevious-versions%2Fwindows%2Fit-pro%2Fwindows-server-2012-R2-and-2012%2Fhh994597(v%253dws.11)%23set-trusted-publisher-options%3C%2FA%3E%3C%2FP%3E%3CP%3EUnder%20the%20section%3A%20Set%20Trusted%20Publishers%20Options%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20%26gt%3B%26gt%3B%26nbsp%3B%3CSPAN%3EThe%20policy%20settings%20in%20the%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3ETrusted%20Publishers%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3Btab%20of%20the%20certificate%20path%20validation%20policy%20allows%20administrators%20to%20control%20which%20certificates%20can%20be%20accepted%20as%20coming%20from%20a%20trusted%20publisher.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EDo%20I%20set%20this%20policy%20settings%20under%20trusted%20publishers%2C%20or%20under%26nbsp%3B%3CSTRONG%3E%3CSPAN%3EComputer%20Configuration%5CWindows%20Settings%5CSecurity%20Settings%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%3E%2C%20click%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EPublic%20Key%20Policies%3C%2FSTRONG%3E%3CSPAN%3E.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20understand%20what%20the%20difference%20is%20between%20the%20trusted%20publishers%20tab%20(of%20the%20SRP%20itself)%20and%20the%20%22Trusted%20Publishers%22%20under%20the%20security%20settings%20public%20key%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESorry%20I%20know%20its%20a%26nbsp%3Bstrange%20question%2C%20but%20the%20documentation%20isn't%20very%20clear%20on%20the%20differences%20between%20both%20locations.%20Why%20is%20there%20a%20setting%20on%20the%20SRP%20(Itself)%20and%20in%20Group%20Policy%20(per%20the%20doc)%20%3F%20The%20SRP%20settings%20DO%20NOT%20write%20to%20the%20security%20settings%5CPublic%20Key%20Policies%20on%20the%26nbsp%3Blocal%20client%20system.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%26nbsp%3B%3C%2FP%3E%3CP%3ERobert%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-202024%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Contributor

Hey Guys, 

I am trying to answer some questions on Software Restriction Policies that I have. Form this link here: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh...

Under the section: Set Trusted Publishers Options

 

Here >> The policy settings in the Trusted Publishers tab of the certificate path validation policy allows administrators to control which certificates can be accepted as coming from a trusted publisher.

Do I set this policy settings under trusted publishers, or under Computer Configuration\Windows Settings\Security Settings, click Public Key Policies.

 

I don't understand what the difference is between the trusted publishers tab (of the SRP itself) and the "Trusted Publishers" under the security settings public key? 

 

Sorry I know its a strange question, but the documentation isn't very clear on the differences between both locations. Why is there a setting on the SRP (Itself) and in Group Policy (per the doc) ? The SRP settings DO NOT write to the security settings\Public Key Policies on the local client system. 

 

Thanks, 

Robert

 

 

 

0 Replies