Policy

Allow ECC certificates to be used for logon and authentication

Microsoft Windows

Back to Smart CardBack to main
Allow ECC certificates to be used for logon and authentication
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Smart Card
Supported on
At least Windows Server 2008 R2 or Windows 7

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain. If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain. If you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain. Note: This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting. Note: If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.

Internal name
EnumerateECCCerts
Policy ID
3fd865031b26
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider
Value name
EnumerateECCCerts
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider
Value name
EnumerateECCCerts
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.