| TABLE 1: User PKI Trust Management Mechanisms |
| Mechanism | Scope | Managed By | Management Interface or Mechanism |
| Machine certificate store | Machine | Local Administrator | MMC Certificates snap-in |
| User certificate store | User | User | MMC Certificates snap-in, IE certificates viewer |
| Enterprise Trust (CTLs) | Depends on the AD object that the GPO is linked to | GPO Administrator | GPO Editor |
| Trusted root CAs | Depends on the AD object that the GPO is linked to | GPO Administrator | GPO Editor, certutil.exe -dspublish RootCA command |
| NTAuth store | Forest | Forest or Domain Administrator | Certutil.exe -dspublish NTAuth command |
| Windows Update | All machines with the Root Certificate Update Service enabled | Forest or Domain Administrator, Microsoft | Microsoft Root Certificate Program |