Policy

Allow signature keys valid for Logon

This policy setting lets you allow signature key-based certificates to be enumerated and available for logon. If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen. If you disable or do not configure this policy setting, any available smart card signature key-based certificates will not be listed on the logon screen.

Policy
Pack Microsoft Windows
Category Windows Components / Smart Card
Policy ID e767540710bf
Internal name AllowSignatureOnlyKeys

Registry

Copy registry mappings

HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider\AllowSignatureOnlyKeys (enabled) = 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider\AllowSignatureOnlyKeys (disabled) = 0

Policy notes

This policy setting lets you allow signature key-based certificates to be enumerated and available for logon. If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen. If you disable or do not configure this policy setting, any available smart card signature key-based certificates will not be listed on the logon screen.

Related policies

Allow certificates with no extended key usage certificate attributeAllow ECC certificates to be used for logon and authenticationAllow Integrated Unblock screen to be displayed at the time of logonAllow time invalid certificatesAllow user name hintConfigure root certificate clean upDisplay string when smart card is blocked