Description:
Provides 4 types of services:- Catalog Database Service, which confirms the signatures of Windows files (Windows File Protection) and whether drivers are signed correctly (WHQL) and allowing new programs to be installed.
- Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer
- Key Service, which helps enroll this computer for certificates
- (Vista+) Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL
Note the database, that contains information of what updates have been applied, can become corrupted and will cause this service to fail. To clear the database execute the following commands (If getting access denied when renaming the directory, then boot in safemode and try again):Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer
- net stop cryptsvc
- del /q %systemroot%\system32\catroot2\Edb*.log
- del /q %systemroot%\security\Edb*.log
- net start cryptsvc
Related Fix a non-working Windows UpdateError Disabling Connection
It is not possible to disable the connection at this time. This connection may be using one or more protocols that do not support Plug-and-Play, or it may have been initiated by another user or the system account.
More Info MS KB281458
More Info MS KB316524
More Info MS KB813442
More Info MS KB813444
More Info MS KB822798 (Replaces MS KB326815)
Recommended State:
- Automatic
Default State:
- Automatic
Process Name:
- Win8/Win7/Vista - svchost.exe -k NetworkService (CryptSvc)
- WinXP/Win2k3 - svchost.exe -k netsvcs (CryptSvc)
Supports:
- Application Identity (Win7+)
- Automatic Updates (Unofficial)
Cryptographic Services seems to have the default state Manual with XP-SP2, with Windows Update working well like that. Just an update note.
I have now looked at several XP-SP2 installation (Both slipstreamed and upgraded) and all had the service set to Automatic. But I have also seen many places that XP will work fine with the service set to Manual, so I will update my "Trimmed" recommendation.