Sure - strong assembly signing. It serves to validate that the executables you are loading are actually from who they say they are from.
Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: Christopher [mailto:c.bo...@gmail.com] Sent: Tuesday, February 09, 2010 12:07 PM To: NT System Admin Issues Subject: Authenticode, Internet Access, and program loading times, Oh my! OK, here is the setting in question: System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies and this relates to the regkey "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifier\AuthenticodeEnabled". Now, if I understand correctly, this enables certificate checking rules for executables in Software Restriction policies so that programs are checked for authentic digital signatures, right?. Now say you're not actually using any software restriction policies, is there any benefit to enabling this? The reason I ask, is that I have several domain workstations (no internet access, mind you) that exhibit very long log on times and slow loading of things like Adobe and Office apps with that regkey enabled, and if I turn this setting off, it goes way and everything is nice and fast like it should be. Note: this is a required setting per some configuration guides that I must follow, but they don't elaborate on it much and I'm not sure exactly what it's doing and what the benefit is. Another thing to note: These systems don't have internet access. Is it possible, these certificate checking rules are causing the system to try and phone home and update a root CA list or verify the certificate somehow, and the timeout is causing the program startup delay? The other interesting thing here, is that this setting doesn't show up on a default SP3 install of XP. Maybe I'm missing an ADM. Yours Truly, -cb ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~