{
	"id": "c9db5031-ed5c-4e66-a7a4-4347d9ba6169",
	"created_at": "2026-04-06T00:13:38.784282Z",
	"updated_at": "2026-04-10T13:11:59.702146Z",
	"deleted_at": null,
	"sha1_hash": "a7d3f284f2f8f4873613394617d1a28968da0341",
	"title": "Manage Trusted Publishers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 40452,
	"plain_text": "Manage Trusted Publishers\r\nBy Archiveddocs\r\nArchived: 2026-04-05 20:08:36 UTC\r\nApplies To: Windows 7, Windows Server 2008 R2\r\nSoftware signing is being used by a growing number of software publishers and application developers to verify\r\nthat their applications come from a trusted source. However, many users do not understand or pay little attention\r\nto the signing certificates associated with applications that they install.\r\nThe policy settings in the Trusted Publishers tab of the certificate path validation policy allows administrators to\r\ncontrol which certificates can be accepted as coming from a trusted publisher.\r\nThis topic includes procedures for the following tasks:\r\nConfiguring the trusted publishers policy settings for a local computer\r\nConfiguring the trusted publishers policy settings for a domain\r\nAllowing only administrators to manage certificates used for code signing for a local computer\r\nAllowing only administrators to manage certificates used for code signing for a domain\r\nConfiguring the trusted publishers policy settings for a local computer\r\nAdministrators is the minimum group membership required to complete this procedure.\r\nTo configure the trusted publishers policy settings for a local computer\r\n1. Click Start, type gpedit.msc in the Search programs and files box, and then press ENTER.\r\n2. In the console tree under Local Computer Policy\\Computer Configuration\\Windows Settings\\Security\r\nSettings, click Public Key Policies.\r\n3. Double-click Certificate Path Validation Settings, and then click the Trusted Publishers tab.\r\n4. Select the Define these policy settings check box, select the policy settings that you want to apply, and\r\nthen click OK to apply the new settings.\r\nConfiguring the trusted publishers policy settings for a domain\r\nDomain Admins is the minimum group membership required to complete this procedure.\r\nTo configure the trusted publishers policy settings for a domain\r\nhttps://technet.microsoft.com/en-us/library/cc733026.aspx\r\nPage 1 of 3\n\n1. Click Start, point to Administrative Tools, and click Server Manager.\r\n2. Under Features Summary, click Add Features. Select the Group Policy Management check box, click\r\nNext, and then click Install.\r\n3. After the Installation Results page shows that the installation of the Group Policy Management Console\r\n(GPMC) was successful, click Close.\r\n4. Click Start, point to Administrative Tools, and then click Group Policy Management.\r\n5. In the console tree, double-click Group Policy Objects in the forest and domain containing the Default\r\nDomain Policy Group Policy object (GPO) that you want to edit.\r\n6. Right-click the Default Domain Policy GPO, and then click Edit.\r\n7. In the console tree under Computer Configuration\\Windows Settings\\Security Settings, click Public\r\nKey Policies.\r\n8. Double-click Certificate Path Validation Settings, and then click the Trusted Publishers tab.\r\n9. Select the Define these policy settings check box, select the policy settings that you want to apply, and\r\nthen click OK to apply the new settings.\r\nAllowing only administrators to manage certificates used for code signing for a\r\nlocal computer\r\nAdministrators is the minimum group membership required to complete this procedure.\r\nTo allow only administrators to manage certificates used for code signing for a local computer\r\n1. Click Start, type gpedit.msc in the Search programs and files, and then press ENTER.\r\n2. In the console tree under Default Domain Policy or Local Computer Policy, double-click Computer\r\nConfiguration, Windows Settings, and Security Settings, and then click Public Key Policies.\r\n3. Double-click Certificate Path Validation Settings, and then click the Trusted Publishers tab.\r\n4. Select the Define these policy settings check box.\r\n5. Under Trusted publisher management, click Allow only all administrators to manage Trusted\r\nPublishers, and then click OK to apply the new settings.\r\nAllowing only administrators to manage certificates used for code signing for a\r\ndomain\r\nDomain Admins is the minimum group membership required to complete this procedure.\r\nTo allow only administrators to manage certificates used for code signing for a domain\r\nhttps://technet.microsoft.com/en-us/library/cc733026.aspx\r\nPage 2 of 3\n\n1. Click Start, point to Administrative Tools, and click Server Manager.\r\n2. Under Features Summary, click Add Features. Select the Group Policy Management check box, click\r\nNext, and then click Install.\r\n3. After the Installation Results page shows that the installation of the GPMC was successful, click Close.\r\n4. Click Start, point to Administrative Tools, and then click Group Policy Management.\r\n5. In the console tree, double-click Group Policy Objects in the forest and domain containing the Default\r\nDomain Policy GPO that you want to edit.\r\n6. Right-click the Default Domain Policy GPO, and then click Edit.\r\n7. In the console tree under Computer Configuration\\Windows Settings\\Security Settings, click Public\r\nKey Policies.\r\n8. Double-click Certificate Path Validation Settings, and then click the Trusted Publishers tab.\r\n9. Select the Define these policy settings check box, implement the changes you want, and then click OK to\r\napply the new settings.\r\nAdditional references\r\nCertificate Path Validation\r\nSource: https://technet.microsoft.com/en-us/library/cc733026.aspx\r\nhttps://technet.microsoft.com/en-us/library/cc733026.aspx\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://technet.microsoft.com/en-us/library/cc733026.aspx"
	],
	"report_names": [
		"cc733026.aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775434418,
	"ts_updated_at": 1775826719,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a7d3f284f2f8f4873613394617d1a28968da0341.pdf",
		"text": "https://archive.orkl.eu/a7d3f284f2f8f4873613394617d1a28968da0341.txt",
		"img": "https://archive.orkl.eu/a7d3f284f2f8f4873613394617d1a28968da0341.jpg"
	}
}