Allow signature keys valid for Logon

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

This policy setting lets you allow signature key-based certificates to be enumerated and available for logon. If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen. If you disable or do not configure this policy setting, any available smart card signature key-based certificates will not be listed on the logon screen.

This policy has no additional user input fields.

• Computer
  Allow certificates with no extended key usage certificate attribute

  At least Windows Vista
• Computer
  Allow ECC certificates to be used for logon and authentication

  At least Windows Server 2008 R2 or Windows 7
• Computer
  Allow Integrated Unblock screen to be displayed at the time of logon

  At least Windows Vista
• Computer
  Allow time invalid certificates

  At least Windows Vista
• Computer
  Allow user name hint

  At least Windows Vista
• Computer
  Configure root certificate clean up

  At least Windows Vista
• Computer
  Display string when smart card is blocked

  At least Windows Vista
• Computer
  Filter duplicate logon certificates

  At least Windows Vista
• Computer
  Force the reading of all certificates from the smart card

  At least Windows Vista
• Computer
  Notify user of successful smart card driver installation

  At least Windows Server 2008 R2 or Windows 7
• Computer
  Prevent plaintext PINs from being returned by Credential Manager

  At least Windows Vista Service Pack 1
• Computer
  Reverse the subject name stored in a certificate when displaying

  At least Windows Vista