Allow ECC certificates to be used for logon and authenticationID: oval:org.secpod.oval:def:29365 | Date: (C)2015-10-14 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.
If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain.
If you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain.
Note: This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting.
Note: If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Smart Card!Allow ECC certificates to be used for logon and authentication
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!EnumerateECCCerts
Platform: |
Microsoft Windows 8.1 |