Hi. In the MMC Certificates snap-in, why are there so few certificates installed under 'Trusted Root Certification Authorities -> Certificates' in Windows Server 2008 compared with previous versions of Windows? I have about 10 listed on each of my Windows 2008 servers. A lot of the big names are missing e.g. 'GeoTrust Global CA', 'GlobalSign Root CA' which is a bit concerning. Thanks.

the certificates are downloaded online from Microsoft Update and installed into the Trusted Root Certification Authorities store only at the time of their first validation. So if you do not see the GeoTrust yet, it is just because none of your applications has ever needed to validate any leaf certificate which would be issued by the GetTrust CA. The GeoTrust CA certificate will appear there for example once you hit any web page that uses a certificate from that GeoTrust CA. This process is called "Automatic Root Certificate Update" and can be even disabled by configuring the Group Policy at Computer Settings / Administrative Templates / System / Internet Communication Management / Turn off Automatic Root Certificate Update ondrej.

the certificates are downloaded online from Microsoft Update and installed into the Trusted Root Certification Authorities store only at the time of their first validation. So if you do not see the GeoTrust yet, it is just because none of your applications has ever needed to validate any leaf certificate which would be issued by the GetTrust CA. The GeoTrust CA certificate will appear there for example once you hit any web page that uses a certificate from that GeoTrust CA. This process is called "Automatic Root Certificate Update" and can be even disabled by configuring the Group Policy at Computer Settings / Administrative Templates / System / Internet Communication Management / Turn off Automatic Root Certificate Update ondrej.