Certificate trust problem

[io4master]

After applying the script on my hyper-v vm, most sites (except Microsoft, or google...) have certificate errors (untrusted / insecure). The VM runs W10 Enterprise 1909 on Workgroup. Any idea on what's causing this?

[sandude-ms]

Can up attach a screen shot of the error? Are there any corresponding errors in the event log?

[io4master]

Sure, here are some screenshots (in the docx file). However, i'm not sure where to look in the EventViewer... Certificate Errors.docx

I'm pretty sure the problem appears after applying the LGPO portion of the script.

I also tested the other versions of the script and I have the same behaviour with 1909 and 1903 but not with 1803.

[sandude-ms]

I was able to reproduce the issue, and confirm that it is something in local policy. I am going through that now and will let you know when I figure out what it is. I apologize for the problem and will work to get it fixed as soon as possible.

[sandude-ms]

I found the problem. I had set the policy "Local Computer Policy \ Computer Configuration \ Administrative Templates \ System \ Internet Communication Management\ Internet Communication settings \ "Turn off Automatic Root Certificates Update". I have a note in the documentation that this setting should not be enabled unless an alternate means is provided to deliver root certificates to the computers. I will fix this now and update the LGPO settings for 1909. For a workaround you can turn off this setting in the reference image.

[sandude-ms]

The updated LGPO files are in the "pending" branch, here: https://github.com/TheVDIGuys/Windows_10_VDI_Optimize/tree/Pending/1909/LGPO If you could give those a try and let us know the solution, we can then get those merged.

[io4master]

I tested the updated files and it resolved the issue. Great job!

[tmmuessig]

Issue has been resolved, updated files have been pushed to the master branch