Okey I had the need to check what values were set for the Software Publishing “State”. This is the registry value where Windows stores if it should do CRL revocation check or say all okey even if the CRL is unavailable. And some other stuff. I found all the values on the MSDN page WintrustGetRegPolicyFlags. So I wrote a small Powershell function to help decode it.
And here is the function:
Function Get-WintrustGetRegPolicyFlags
{
Begin
{
$WintrustGetRegPolicyFlags= @'
"Name","Description","Value"
"WTPF_TRUSTTEST","Trust any test certificate.",0x00000020,
"WTPF_TESTCANBEVALID","Check any test certificate for validity.",0x00000080,
"WTPF_IGNOREEXPIRATION","Use expiration date.",0x00000100,
"WTPF_IGNOREREVOKATION","Do revocation check.",0x00000200,
"WTPF_OFFLINEOK_IND","If the source is offline, trust any individual certificates.",0x00000400,
"WTPF_OFFLINEOK_COM","If the source is offline, trust any commercial certificates.",0x00000800,
"WTPF_OFFLINEOKNBU_IND","If the source is offline, trust any individual certificates. Do not use the user interface (UI).",0x00001000,
"WTPF_OFFLINEOKNBU_COM","If the source is offline, trust any commercial certificates. Do not use the checking UI.",0x00002000,
"WTPF_VERIFY_V1_OFF","Turn off verification of version 1.0 certificates.",0x00010000,
"WTPF_IGNOREREVOCATIONONTS","Ignore time stamp revocation checks.",0x00020000,
"WTPF_ALLOWONLYPERTRUST","Allow only items in personal trust database.",0x00040000
'@|ConvertFrom-Csv -Delimiter ','
}
Process
{
$SoftwarePublishing = Get-ItemProperty -Name 'State' -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing' |Select -ExpandProperty State
ForEach($Parameter in $WintrustGetRegPolicyFlags)
{
$Parameter | Select Name, @{l='Set';e={if (($SoftwarePublishing -band [int]($_.Value)) -eq [int]($_.Value)){$True}else{$False}}}, Description
}
}
}Sources: