[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Filter duplicate logon certificates

ID: oval:org.secpod.oval:def:19048Date: (C)2014-05-29   (M)2023-07-04
Class: COMPLIANCEFamily: windows




The Filter duplicate logon certificates machine setting should be configured correctly. This policy settings lets you configure if all your valid logon certificates are displayed. During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they are issued from the same template with the same major version and they are for the same user (determined by their UPN). If there are two or more of the "same" certificate on a smart card and this policy is enabled then the certificate that is used for logon on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the the certificate with the expiration time furthest in the future will be shown. Note: This setting will be applied after the following policy: "Allow time invalid certificates" If you enable or do not configure this policy setting, filtering will take place. If you disable this policy setting, no filtering will take place. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Smart Card\Filter duplicate logon certificates (2) KEY: HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider\FilterDuplicateCerts

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-11075-9
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-11075-9
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2

© SecPod Technologies