Re: Account options: Smart card is required for interactive logon
From: Eric Perlin [MS] (ericperl_at_online.microsoft.com)
Date: Thu, 7 Apr 2005 12:58:04 -0700
I don't know for sure. I assume this is transferred to the client as part of
the data kept locally for cached logons.
-- Eric Perlin [MS] This posting is provided "AS IS" with no warranties, and confers no rights. --- "hyu" <firstname.lastname@example.org> wrote in message news:42DAF0DE-BEE5-4965-9628-242E794B7B77@microsoft.com... > Thanks so much Erin. > > Found it in AD. It was userAccountControl FLAG. Another quick question ... > how is this persisted on the client machine. Is it in registry or in SAM > database? > I think it's persisted 'cause it was enforcing this policy even when > disconnected. > > - Han > > "Eric Perlin [MS]" wrote: > > > It's a property of the account in AD. > > -- > > Eric Perlin [MS] > > This posting is provided "AS IS" with no warranties, and confers no rights. > > --- > > > > "hyu" <email@example.com> wrote in message > > news:7B382B5F-2F8D-4D32-B318-44033640311A@microsoft.com... > > > Hi, > > > > > > I'm wondering if anyone knows where and how the "Account options" settings > > for > > > user gets stored and replicated. I know that there is at least a couple of > > > ways to > > > configure the system to require smart card to logon. > > > > > > 1. Use Computer->Security > > > This will store policy in GPO and it's replicated to computer's registry. > > I > > > know > > > where this one gets replicated in the registry. > > > > > > 2. Active Directory User and Computers-> User -> Properties -> Account > > > -> List of checkboxes in "Account options" > > > This is the one that I don't have any clue. In fact, I don't even know > > that > > > it's > > > replicated in the registry or stored in AD like GPO or stored in some > > other > > > object > > > in AD. > > > > > > I'm basically trying to find out how I can programmatically query whether > > a > > > given user or computer is required to user smart card to logon. > > > > > > Thank you. > > > > > > - Han > > > > > >