Policy
EKU filtering
Microsoft Office
Policy overview
Key metadata and intent for this policy.
This policy setting allows you to specify enhanced key usage (EKU) values to be used in filtering a list of digital certificates for signing Excel, PowerPoint, and Word documents. An enhanced key usage (EKU) extension to a digital certificate is a collection of one or more values that indicate how a certificate should be used. Examples of EKU values include Smart Card Logon and Client Authentication. EKU filtering allows you to filter the list of installed certificates that can be used for digitally signing documents. The filtered list will appear when users attempt to select a certificate for digitally signing a document. If you enable this policy setting, you can specify a list of object identifiers (OIDs) that represent acceptable EKUs for certificates used in conjunction with signed documents. For example, for a certificate with the Encrypting File System (1.3.6.1.4.1.311.10.3.4) identifier, the OID is 1.3.6.1.4.1.311.10.3.4. This list of appropriate OIDs will vary according to the specific certificates that the organization uses. For a list of object IDs associated with Microsoft cryptography, see Microsoft Knowledge Base article 287547, "Object IDs associated with Microsoft cryptography" at http://officeredir.microsoft.com/r/rlidGPOIDAndCrypt2O14?clid=1033. If you disable or do not configure this policy setting, EKU filtering is not available.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| User | L_empty412 ID L_empty412 | text | Path software\policies\microsoft\office\16.0\common\signatures Value name filterdigitalsignaturecerteku Type REG_SZ | None |