Federal Common Policy CA G2 Distribution Detection

Federal Common Policy CA G2 Distribution Detection This analysis will detect whether COMMON has been redistributed via GPO or Active Directory.

Depending on how COMMON is redistributed to end-points, one of two pairs of registry keys is created:

AD Distribution
- HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028\
- HKLM:\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028\

GPO Distribution
- HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028\
- HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028\

Results: If one of these pairs is detected, the analysis will return a value of "TRUE".

]]> true Internal 2020-10-15 x-fixlet-modification-time Tue, 20 Oct 2020 18:02:27 +0000 BES operating system ((exists key "HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of registry)) OR ((exists key "HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of native registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of native registry)) OR ((exists key "HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry)) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry))) OR ((exists key "HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of registry)) OR ((exists key "HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of native registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of native registry)) OR ((exists key "HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry)) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry)))