Check with the hardware manufacturer to verify that the smart card supports this feature. To use the integrated unblock feature, the smart card must support it. When this setting isn't turned on, the feature is not available. When this setting is turned on, the integrated unblock feature is available.
Install smart card certificate outlook windows#
The feature was introduced as a standard feature in the Credential Security Support Provider in Windows Vista. You can use this policy setting to determine whether the integrated unblock feature is available in the sign-in user interface (UI). If you use an ECDSA key to sign in, you must also have an associated ECDH key to permit sign in when you're not connected to the network. ECC certificates on a smart card that are used for other applications, such as document signing, aren't affected by this policy setting. This policy setting only affects a user's ability to sign in to a domain. When this setting isn't turned on, ECC certificates on a smart card can't be used to sign in to a domain. When this setting is turned on, ECC certificates on a smart card can be used to sign in to a domain. You can use this policy setting to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to sign in to a domain. Itemĭisabled and not configured are equivalent When this policy setting isn't turned on, only certificates that contain the smart card logon object identifier can be used to sign in with a smart card. When this policy setting is turned on, certificates with the following attributes can also be used to sign in with a smart card:Ĭertificates with a Client Authentication EKU This policy setting can be used to modify that restriction. In versions of Windows before Windows Vista, smart card certificates that are used to sign in require an EKU extension with a smart card logon object identifier. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CertPropĮnhanced key usage certificate attribute is also known as extended key usage. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScPnP\EnableScPnP
![install smart card certificate outlook install smart card certificate outlook](https://www.thesslstore.com/knowledgebase/wp-content/uploads/2018/04/2018-04-20_14-39-45.png)
The registry keys are in the following locations: The following smart card Group Policy settings are in Computer Configuration\Administrative Templates\Windows Components\Smart Card. Turn on root certificate propagation from smart cardīase CSP and Smart Card KSP registry keysĪdditional smart card Group Policy settings and registry keys Turn on certificate propagation from smart card Reverse the subject name stored in a certificate when displaying Prevent plaintext PINs from being returned by Credential Manager
Install smart card certificate outlook driver#
Notify user of successful smart card driver installation
![install smart card certificate outlook install smart card certificate outlook](https://3.bp.blogspot.com/-WnYuR5nshOU/UmqWho-sTiI/AAAAAAAAPv4/F9TopJT9SPg/s1600/nfc-smime-app.png)
Primary Group Policy settings for smart cardsĪllow certificates with no extended key usage certificate attributeĪllow ECC certificates to be used for logon and authenticationĪllow Integrated Unblock screen to be displayed at the time of logonĭisplay string when smart card is blockedįorce the reading of all certificates from the smart card If you use domain Group Policy Objects (GPOs), you can edit and apply Group Policy settings to local or domain computers. The following sections and tables list the smart card-related Group Policy settings and registry keys that can be set on a per-computer basis. This article for IT professionals and smart card developers describes the Group Policy settings, registry key settings, local security policy settings, and credential delegation policy settings that are available for configuring smart cards. Applies to: Windows 10, Windows 11, Windows Server 2016 and above