I issued a SSL certificate trought DigiCert which we know is globally recognized and its Trusted Roots should be by default in Windows installations.
However on one of my client's machine there was no intermediate root CA which led to several problems. Hence I decided to include DigiCert certificates (taken from their website) into the installation package we are sending to our clients.
Of course I wanted to test it first on my local win server 2008 but I can't remove DigiCert roots from the machine! I keep removing them as Current User and Local Computer from both Trusted Root CAs and Intermediate CAs but as soon as I open (not install, just open!) the issued certificate file (to see it's details), instantly the removed CAs appear in the stores again (as current user).
Windows Update
. Why don't you just tell the client they need to update their installation?