Configure root certificate clean up

Supported on: At least Windows Vista

Registry

HKLM SOFTWARE\Policies\Microsoft\Windows\CertProp

Options

RootCertificateCleanupOption enum

No cleanup -> 0
Clean up certificates on smart card removal -> 1
Clean up certificates on log off -> 2

Description

This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off.