From time to time I get some questions regarding certificates, users get certificate errors on newly installed computers.
Since certificate are time limited and some will be revoked for what ever reason, the certificate store needs to be updated. Usually this is handled by Windows update, WSUS, SUP or something similar, but what should you look for to approve?
A search at http://www.microsoft.com/download for Root certificate will help you and this will give you a result that looks something like this:
Direct link for the latest at the moment: http://www.microsoft.com/download/en/details.aspx?id=28175
Just add this in your task sequence to make sure you have all new certificates from the beginning, and hopefully your Internet Explorer certificate errors will be gone!