Allow ECC certificates to be used for logon and authentication This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain. If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain. If you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain. Note: This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting. Note: If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.

[enable/disable]

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsSmart Card!Allow ECC certificates to be used for logon and authentication (2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSmartCardCredentialProvider!EnumerateECCCerts