[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Allow certificates with no extended key usage certificate attribute

ID: oval:org.secpod.oval:def:19468Date: (C)2014-05-29   (M)2023-07-04
Class: COMPLIANCEFamily: windows




The Allow certificates with no extended key usage certificate attribute machine setting should be configured correctly. This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon. In versions of Windows prior to Windows Vista, smart card certificates that are used for logon require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction. If you enable this policy setting, certificates with the following attributes can also be used to log on with a smart card: - Certificates with no EKU - Certificates with an All Purpose EKU - Certificates with a Client Authentication EKU If you disable or do not configure this policy setting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow certificates with no extended key usage certificate attribute (2) KEY: HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider\AllowCertificatesWithNoEKU

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-11906-5
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-11906-5
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2

© SecPod Technologies