Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All
Collapse the table of content
Expand the table of content
Expand Minimize

Cryptographic Services (System Services for the Windows Server 2003 Family and Windows XP Operating Systems)

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Service Name: CryptSvc

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: Provides key management services for your computer. The Cryptographic Service is comprised of three management services: Catalog Database Service, Protected Root Service, and Key Service.

  • Catalog Database Service - This part of the service is responsible for adding, removing, and looking up catalog files. Catalog files are used to bulk sign all the files in the operating system. So, this service is used by Windows File Protection (WFP), Driver Signing, and setup to verify signed files.

  • Protected Root Service - This part of the service is responsible for adding and removing Trusted Root Certification Authority certificates for the current user. It displays a service message box with the certificate's name and thumbprint. If the user clicks OK, the certificate is added to or removed from the current user's list of trusted root authorities. Only Local System has write access to this list. If this part of the service is turned off, the current user will not be able to add or remove Trusted Root Certificate Authority certificates.

  • Key Service - This part of the service allows administrators to enroll for certificates on behalf of the local machine account. To that end, it provides several pieces of functionality required for enrollment -- enumeration of available Certification Authorities, enumeration of available machine templates, the ability to create and submit a certificate request in the local machine context, and so on. Only administrators may enroll on behalf of the local machine account.

If this service is disabled, administrators will not be able to enroll for machine certificates and auto enrollment will not be able to automatically acquire the default set of machine certificates. Also, WFP and driver signing will not be able to check the signatures of the operating system files.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Remote Procedure Call

The following system components depend on this service: None

IP Port Numbers used: None

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft