Do not allow private key to be extractable

Specify that the private key will be imported as non-extractable. This means it will not be able to export from the keychain.

NOTE: This setting only applies to new auto-enrollment private key, it will not change those auto-enrolled private keys that are already imported to keychain.

Supported on:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Mac\Security\PublicKeyPolicies
Value NamePrivateKeyExtractable
Value TypeREG_SZ
Enabled ValueNO
Disabled ValueYES

centrify_mac_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)