Re: Account options: Smart card is required for interactive logon

From: Eric Perlin [MS] (ericperl_at_online.microsoft.com)
Date: 04/07/05


Date: Thu, 7 Apr 2005 12:58:04 -0700

I don't know for sure. I assume this is transferred to the client as part of
the data kept locally for cached logons.

-- 
Eric Perlin [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
---
"hyu" <hyu@discussions.microsoft.com> wrote in message
news:42DAF0DE-BEE5-4965-9628-242E794B7B77@microsoft.com...
> Thanks so much Erin.
>
> Found it in AD. It was userAccountControl FLAG. Another quick question ...
> how is this persisted on the client machine. Is it in registry or in SAM
> database?
> I think it's persisted 'cause it was enforcing this policy even when
> disconnected.
>
> - Han
>
> "Eric Perlin [MS]" wrote:
>
> > It's a property of the account in AD.
> > -- 
> > Eric Perlin [MS]
> > This posting is provided "AS IS" with no warranties, and confers no
rights.
> > ---
> >
> > "hyu" <hyu@discussions.microsoft.com> wrote in message
> > news:7B382B5F-2F8D-4D32-B318-44033640311A@microsoft.com...
> > > Hi,
> > >
> > > I'm wondering if anyone knows where and how the "Account options"
settings
> > for
> > > user gets stored and replicated. I know that there is at least a
couple of
> > > ways to
> > > configure the system to require smart card to logon.
> > >
> > > 1. Use Computer->Security
> > > This will store policy in GPO and it's replicated to computer's
registry.
> > I
> > > know
> > > where this one gets replicated in the registry.
> > >
> > > 2. Active Directory User and Computers-> User -> Properties -> Account
> > > -> List of checkboxes in "Account options"
> > > This is the one that I don't have any clue. In fact, I don't even know
> > that
> > > it's
> > > replicated in the registry or stored in AD like GPO or stored in some
> > other
> > > object
> > > in AD.
> > >
> > > I'm basically trying to find out how I can programmatically query
whether
> > a
> > > given user or computer is required to user smart card to logon.
> > >
> > > Thank you.
> > >
> > > - Han
> >
> >
> >


Relevant Pages

  • Re: windows client cant start completely...get blank desktop and no icons, start button, task bar, e
    ... Can you access the registry remotely from another workstation or the ... "Logon to the problematic client as a user who can logon to other ... Logon to a working client as the user who encountered the problem. ... not supported in newsgroup support. ...
    (microsoft.public.windows.server.sbs)
  • RE: Event ID 529 on cleint workstation
    ... Security Event ID 529 is a failure audit for logon/logoff. ... "logon events" generate the events on domain controllers for domain account ... The Event 529 was caused by the machine account password not being ... I suggest that you re-join the client to ...
    (microsoft.public.windows.server.sbs)
  • Re: Event ID 529 on cleint workstation
    ... "logon events" generate the events on domain controllers for domain account ... The Event 529 was caused by the machine account password not being ... I suggest that you re-join the client to ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: NT4 -> Win2K3 question
    ... "not allow me logon to domain." ... I suspect you still unable to join the ... client into domain, right? ... Get Secure! ...
    (microsoft.public.windows.server.migration)
  • Re: windows client cant start completely...get blank desktop and no icons, start button, task bar, e
    ... "Logon to the problematic client as a user who can logon to other ... Logon to a working client as the user who encountered the problem. ... please check the following registry keys that define the ... not supported in newsgroup support. ...
    (microsoft.public.windows.server.sbs)