EKU filtering

This policy setting allows you to specify enhanced key usage (EKU) values to be used in filtering a list of digital certificates for signing Excel 2007, PowerPoint 2007, and Word 2007 documents. An enhanced key usage (EKU) extension to a digital certificate is a collection of one or more values that indicate how a certificate should be used. Examples of EKU values include Smart Card Logon and Client Authentication. EKU filtering allows you to filter the list of installed certificates that can be used for digitally signing documents. The filtered list will appear when users attempt to select a certificate for digitally signing a document.

If you enable this policy setting, you can specify a list of object identifiers (OIDs) that represent acceptable EKUs for certificates used in conjunction with signed documents. For example, the OID for the Encrypting File System EKU is 1.3.6.1.4.1.311.10.3.4. The list of appropriate OIDs will vary according to the specific certificates that the organization uses. For a list of object IDs associated with Microsoft cryptography, see Microsoft Knowledge Base article 287547, "Object IDs associated with Microsoft cryptography" at http://r.office.microsoft.com/r/rlidGPOIDAndCrypt2?clid=en-us.

If you disable or do not configure this policy setting, EKU filtering is not available.

Supported on: At least Windows Vista



Registry Hive: HKEY_CURRENT_USER
Registry Path: Software\Policies\Microsoft\Office\12.0\Common\Signatures
Value Name: FilterDigitalSignatureCertEKU
Value Type: REG_SZ
Default Value:
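
The following PowerShell audit script is an added example, not part of the original policy text or of Office itself. It reads the policy value from the registry location above and reports which certificates in the current user's personal store carry an EKU named in it. Assumptions: the page does not say how multiple OIDs are separated in the value or how Office treats certificates that have no EKU extension, so the script extracts every dotted-decimal token from the value and reports certificates without EKUs as non-matching.

```powershell
# Added example: preview which personal certificates carry an EKU listed in the policy value.
$policyPath = 'HKCU:\Software\Policies\Microsoft\Office\12.0\Common\Signatures'
$valueName  = 'FilterDigitalSignatureCertEKU'

# Read the policy value; a missing key or value means the policy is not configured.
$raw = (Get-ItemProperty -Path $policyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if (-not $raw) {
    Write-Host 'Policy value not set; using the EFS OID from the policy text as constructed sample input.'
    $raw = '1.3.6.1.4.1.311.10.3.4'
}

# Assumption: the separator between OIDs is not documented on the page, so collect
# every dotted-decimal token instead of splitting on one particular character.
$allowed = @([regex]::Matches($raw, '\d+(\.\d+)+') | ForEach-Object { $_.Value })

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Gather the OIDs from the certificate's EKU extension, if it has one.
    $ekus = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekus += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        EKUs          = $ekus -join ', '
        # True when at least one EKU on the certificate appears in the policy list.
        MatchesPolicy = [bool]($ekus | Where-Object { $allowed -contains $_ })
    }
} | Sort-Object MatchesPolicy -Descending | Format-Table -AutoSize
```

Run it in the context of the user the policy applies to, since both the registry hive and the certificate store are per-user.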

office12.admx