Certificate Propagation (CertPropSvc) Service Defaults in Windows 7

Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.

Default Settings

Startup type:Manual
Display name:Certificate Propagation
Service name:CertPropSvc
Service type:share
Error control:normal
Object:LocalSystem
Path:%SystemRoot%\system32\svchost.exe -k netsvcs
File:%SystemRoot%\System32\certprop.dll
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertPropSvc
Privileges:
  • SeCreateGlobalPrivilege
  • SeTcbPrivilege
  • SeChangeNotifyPrivilege
  • SeImpersonatePrivilege
  • SeTakeOwnershipPrivilege
  • SeSecurityPrivilege

Default Behavior

Certificate Propagation is a Win32 service. In Windows 7 it won't be started if the user doesn't start it. When the Certificate Propagation service is started, it is running as LocalSystem in a shared process of svchost.exe. Other system components, such as drivers and services, may run in the same process. If Certificate Propagation fails to start, Windows 7 attempts to write the failure details into Event Log. Then Windows 7 startup should proceed and the user should be notified that the CertPropSvc service is not running because of the error.

Dependencies

Certificate Propagation is unable to start, if the Remote Procedure Call (RPC) service is stopped or disabled.

Restore Default Startup Configuration for Certificate Propagation

1. Select your Windows 7 edition and service pack, and then click Download.

2. Save the Win7_CertPropSvc_Service_Startup.cmd file to a local storage device.

3. Run the saved file as an administrator.

4. Restart the computer.

The CertPropSvc service is using the certprop.dll file that is located in the %WinDir%\System32 folder. If the file is changed, damaged or deleted, you can restore its original version from Windows 7 installation media.