– Edited 26 Nov 2015 –
Deploy eDellRoot and DSDTestProvider removal tool.bes
Dell has released the official KB page acknowledging both the eDellRoot and DSDTestProvider. An eDellRoot and DSDTestProvider removal tool was also provided in the KB page. This Fixlet helps to deploy the removal tool. Big thanks to James (@jgstew) for all the help!
Note: This Fixlet is not yet tested as the removal tool seems only run on affected Dell computers. Any field test and feedback is greatly appreciated.
– 25 Nov 2015 –
Revoke eDellRoot Certificate - Enable Workaround.bes
Here is a Fixlet which (hopefully) does the job. Kindly see below the detailed analysis. I can go wrong in many ways, so please do correct me.
Note: the Fixlet is in BETA stage, please test before deploying to production.
– Relevance #1 –
exists keys "Root\Certificates\98A04E4163357790C4A79E6D713FF0AF51FE6927" of keys "Software\Microsoft\SystemCertificates" of (keys whose (exists key "Software\Microsoft\SystemCertificates" of it) of key "HKEY_USERS" of it; keys "HKEY_LOCAL_MACHINE" of it) of native registry
This relevance tries to see whether the eDellRoot certificate exists in all ‘Trusted Root Certification Authorities’ stores. I am trying to use the certificate’s thumbprint to identify it.
– Relevance #2 –
not exists key "HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\Certificates\98A04E4163357790C4A79E6D713FF0AF51FE6927" of native registry
The eDellRoot Certificate is not yet in the “Untrusted Certificates” store.
– Action Script –
The action script creates a .reg file which writes the eDellRoot Certificate as a blob into the “Untrusted Certificates” store, effectively revoking the certificate.
The official removal instructions published by Dell includes deleting of certain DLLs/services which will keep installing this certificate. Since the action script does not delete the certificate but rather revokes it, I chose not to handle the DLLs to minimize any possible issue.
– Additional FYI –
There was a eDellRootCertFix.exe that’s once released in Dell’s official post. I decided not to use this tool, for the following reasons:
- At the time of editing this post, Dell has pulled back this tool from the post.
- Some users reported serious issue with this tool, in the replies of the post.
- It requires .NET 4.0.
The “DSDTestProvider root certificate” that’s reported due to the same issue, was not yet confirmed by Dell. I chose not to release anything for it as of now.