Policy

Configure use of smart cards on fixed data drives

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > BitLocker Drive Encryption > Fixed Data Drives
Supported onAt least Windows Server 2008 R2 or Windows 7

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the "Require use of smart cards on fixed data drives" check box. Note: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive. If you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected fixed data drives. If you do not configure this policy setting, smart cards can be used to authenticate user access to a BitLocker-protected drive.

Internal name
FDVConfigureSmartCard
Policy ID
cab90b4dfb4d
Elements
1

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\Software\Policies\Microsoft\FVE\FDVAllowUserCertREG_DWORD
1
0

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Require use of smart cards on fixed data drives
ID FDVRequireSmartCard_Name
boolean
HKLM\Software\Policies\Microsoft\FVE\FDVEnforceUserCert
Type REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0

Other policies in this category

Explore related policies at the same level.