RE: How to fix broken security in Windows 2000?

From: Eric Ice (Ice_at_discussions.microsoft.com)
Date: 02/09/05 

Date: Tue, 8 Feb 2005 17:09:01 -0800

Thank you for posting Shannon, had I found the website you posted earlier I
could have saved both 39.95 for diagnostic software that found problems but
didn't fix my issues with the certificates. It also would have saved me four
hours of my time. My problem started when I couldn't check for Windows
updates and progressed to finding and removing a bunch of spy programs. I
agree with your comments on Microsoft's support efforts, I'm still waiting
for a reply from their online help.

I still haven't been able to run the update scan for Windows but the Office
update works now and I am able to "We've made improvements to our website. To
download the new version of the software and begin using Windows Update,
please click Update Now." page for Windows update. Now the problem is that
the new software won't load.

Anyway, thanks again.

"Shannon Jacobs" wrote:

> In http://support.microsoft.com/default.aspx?scid=kb;en-us;293781 there is
> the very interesting comment:
>
> "As you may have noticed in the provided information, some of the
> certificates have expired. However, these certificates are necessary for
> backwards compatibility. Even if there is an expired trusted root
> certificate, anything that was signed with that certificate prior to the
> expiration date needs that trusted root certificate to be validated. As long
> as expired certificates are not revoked, it can be used to validate anything
> that was signed prior to its expiration."
>
> Oh! *NOW* you [Microsoft] tell me. Just too bad the information wasn't
> provided earlier.
>
> Been wrestling with this problem for several weeks, and though I'm not
> certain, I very strongly suspect that what happened is that I deleted a
> required security certificate in the foolish belief that the expiration date
> had some meaning. Quite trivial to do from IE: Tools menu -> Internet
> Options command -> Content tab -> Certificates button -> Trusted Root
> Certificates tab. Not certain because it happened a while ago and the
> resulting problem is minor, though annoying. Some possibility it may have
> been caused by a WindowsUpdate, possibly even one that was pushed onto my
> machine by the corporate IT people.
>
> The problem itself is that the computer complains about a new file version
> that it can't check. It doesn't reveal what file, and it doesn't actually
> say anything about a missing security certificate, but I'm pretty sure
> that's what's going on. The SFC fails to run, which is apparently related.
>
> I'm pretty sure that all of the root certificates have been restored, but
> either there is a missing certificate somewhere else, or it is some kind of
> chain reaction thing.
>
> Anyone else having similar problems? Any suggestions about how to fix it?
> Diagnostic steps to identify the missing certificate or even the affected
> file?
>
>