<div>
note that certificates in general are just registry keys - local machine or user depending on where they were imported to. so, a GPO that can delete that specific registry key (from \Software\Microsoft\System<wbr />Certificat<wbr />es\ ) would be enough.
</div>


note that certificates in general are just registry keys - local machine or user depending on where they were imported to. so, a GPO that can delete that specific registry key (from \Software\Microsoft\SystemCertificates\ ) would be enough.

<div>
Thanks for the quick replies. CoccoBill's solution works but with one issue.<br />
I get a delete confirmation popup.<br />
<br />
Apart from using an autoit tab&gt;enter script, is there an undocument silent or force switch?<br />
I will close the question after getting response for this (do-able or otherwise)
</div>


Thanks for the quick replies. CoccoBill's solution works but with one issue.
I get a delete confirmation popup.

Apart from using an autoit tab>enter script, is there an undocument silent or force switch?
I will close the question after getting response for this (do-able or otherwise)

<div>
<div class="content wysiwyg-content">
We are testing a temporary trusted root certificate issued by a Mainframe in our organisation. this root will be trusted only by computers in a certain OU, not enterprisewide.<br />
<br />
The certificate can be delivered to an OU by importing the certificate into a GPO ( Computer config&gt;Windows&gt;Security&gt;Pu<wbr />blic Key&gt;Trusted Root.<br />
<br />
My question is, once we are done testing, how do I take this certificate out of the Computer's Trusted root cert store for computers in the OU? <br />
I'd rather not create a CRL/CTL, as this is just a temp cert. <br />
- Is it doable using a GPO?<br />
- If not, can this be deleted by a commandline?
</div>
</div>


We are testing a temporary trusted root certificate issued by a Mainframe in our organisation. this root will be trusted only by computers in a certain OU, not enterprisewide.

The certificate can be delivered to an OU by importing the certificate into a GPO ( Computer config>Windows>Security>Public Key>Trusted Root.

My question is, once we are done testing, how do I take this certificate out of the Computer's Trusted root cert store for computers in the OU? 
I'd rather not create a CRL/CTL, as this is just a temp cert. 
- Is it doable using a GPO?
- If not, can this be deleted by a commandline?

How to remove   Trusted root certificate using GPO

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.