Certificate Propagation (CertPropSvc) Service Defaults in Windows 10

Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.

Default Settings

Startup type:Manual
Display name:Certificate Propagation
Service name:CertPropSvc
Service type:share
Error control:normal
Object:LocalSystem
Path:%SystemRoot%\system32\svchost.exe -k netsvcs
File:%SystemRoot%\System32\certprop.dll
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertPropSvc
Privileges:
  • SeCreateGlobalPrivilege
  • SeTcbPrivilege
  • SeChangeNotifyPrivilege
  • SeImpersonatePrivilege
  • SeTakeOwnershipPrivilege
  • SeSecurityPrivilege

Default Behavior

Certificate Propagation is a Win32 service. In Windows 10 it is starting only if the user, an application or another service starts it. When the Certificate Propagation service is started, it is running as LocalSystem in a shared process of svchost.exe along with other services. If Certificate Propagation fails to start, the failure details are being recorded into Event Log. Then Windows 10 will start up and notify the user that the CertPropSvc service has failed to start due to the error.

Dependencies

Certificate Propagation cannot be started under any conditions, if the Remote Procedure Call (RPC) service is disabled.

Restore Default Startup Configuration for Certificate Propagation

1. Select your Windows 10 edition and release, and then click Download.

2. Save the Win10_CertPropSvc_Service_Startup.cmd file to a local storage device.

3. Run the saved file as an administrator.

4. Restart the computer.

The CertPropSvc service is using the certprop.dll file that is located in the %WinDir%\System32 folder. If the file is changed, damaged or deleted, you can restore its original version from Windows 10 installation media.