Feature: Import AuthRoot.cab/DisallowedCert.cab or STL certificate store files

[OpenSource Ghost]

It looks like it is not possible to use NTLite to import AuthRoot.cab and DisallowedCert.cab files. Inside CAB files are STL certificate store files and are nromally downloadedupdated through Microsoft's certificate store program. I think NTLite should introduce a new feature that allows for importing of such files.

 

[garlin]

Not all CAB files work as component updates. Certificate Stores are actually saved in the registry, so CertUtil commands can't apply changes to any offline images. Technically it could be done by updating a live system, exporting the store hive to a reg file, and importing it -- but that's not considered proper.

I would run asheroto's RootCertificateUpdaterScript.ps1 from Post-Setup commands. This script immediate updates AuthRoots & DisallowedCerts trust lists, instead of waiting for WU to refresh it within 7 days.

For other certs, add them as $OEM$ local files and run "CertUtil -addstore" commands to import them.