Windows 7 will not install a root certificate

Thanks to the link posted by harrymc, I spent almost a day investigating this problem and figured out it was Windows Server 2008 default domain policy.

I suspect this problem only applies to Windows PC in a domain network environment. The default domain policy doesn't allow user to install additional certificate to Trusted Root Certification Authorities, but the worst thing is if you tried Windows 7 will still say "Import Successfull" anyway.

If you want to check whether your domain policy allow you to install certificate to Trusted Root Certification Authority, when importing the cert via certmgr.msc manually select the store and tick 'Show physical stores'. You should be able to place the cert into Trusted Root Certification Authorities\Local Computer

If you can't see above, then it has to be enabled via group policy editor on your Windows Server Domain Controller (client PC restart is required for it to take effect):