What are required root certificates for Windows 2000? I was told to not touch these certificates.

Some root certificates are required and trusted in Windows 2000. Here is why:

As part of a public key infrastructure (PKI) trust management procedure, some administrators may decide to remove trusted root certificates from a Windows-based domain, a Windows-based server, or a Windows-based client. However, these root certificates are required for the operating system to operate correctly. Because removal of the following certificates may limit functionality of the operating system or may cause the computer to fail, you should not remove them.

Some certificates that are listed in the previous tables have expired. However, these certificates are necessary for backward compatibility. Even if there is an expired trusted root certificate, anything that was signed by using that certificate before the expiration date requires that the trusted root certificate be validated. As long as expired certificates are not revoked, they can be used to validate anything that was signed before their expiration.

Required root certificates in Windows 2000 - do not touch them:

Issued by - Expiration date - Friendly name 

Copyright (c) 1997 Microsoft Corp. - 12/30/1999 -  Microsoft Timestamp Root
Microsoft Authenticode(tm) Root Authority - 12/31/1999 - Microsoft Authenticode(tm) Root
Microsoft Root Authority - 12/31/2020 - Microsoft Root Authority
NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. - 1/7/2004 - VeriSign Time Stamping CA
VeriSign Commercial Software Publishers CA - 1/7/2004 - VeriSign Commercial Software Publishers CA
Thawte Timestamping CA - 12/31/2020 - Thawte Timestamping CA

⇒ Certificate Manager Console "certmgr.msc" on Windows

⇐ Required Root Certificates for Windows XP

⇑ General Information about Certificates on Windows

⇑⇑ Windows Certificates Tutorials