Allow ECC certificates to be used for logon and authenticationID: oval:org.secpod.oval:def:19289 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The Allow ECC certificates to be used for logon and authentication machine setting should be configured correctly.
This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain. If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain. If you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow ECC certificates to be used for logon and authentication
(2) KEY: HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider\EnumerateECCCerts
Platform: |
Microsoft Windows Server 2008 R2 |