This resolution is available for disconnected and connected environments.There are two procedures to complete to customize the list of trusted CTLs.

wsus not updating computer list-23wsus not updating computer list-70

This section describes how you can produce, review, and filter the trusted CTLs that you want computers in your organization to use.

You must implement the GPOs described in the previous procedures to make use of this resolution.

These sections provide more information about command options and the error conditions.

The trusted and untrusted CTLs can be updated on a daily basis, so ensure that you keep the files synchronized by using a scheduled task or another method to update the shared folder or virtual directory.

The GPO modifications implemented in this document alter the registry settings of the affected computers.

You cannot undo these settings by deleting or unlinking the GPO.These settings must be specifically reconfigured, if you want to change them.Generate SST by using the automatic update mechanism. The generated file contains the non_Microsoft root certificates that were downloaded by using the automatic update mechanism.For additional details about creating a scheduled task, see Schedule a Task.If you plan to write a script to make daily updates, see the New Certutil Options and Potential errors with Certutil -Sync With WU sections of this document.Computers that can connect to the Windows Update site are able to receive updated CTLs on a daily basis (if they are running Windows Server 2012, Windows 8, or the previously mentioned software updates are installed on supported operating systems).