Re: Administrator Use

From: Miha Pihler [MVP] (mihap-news_at_atlantis.si)
Date: 11/07/05

    Date: Mon, 7 Nov 2005 09:08:38 +0100
    
    

    Windows 2000 and later have built in support for Smart Cards.

    To use smart cards you have to set up (or use someone's) PKI infrastructure.
    If you want to build your own PKI here are some white papers you can look
    at...

    New features:
    http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
    Operations guide:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
    Managing PKI:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
    Best Practices:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
    Certificate templates:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
    Key archival:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kyacws03.mspx
    Certificate Autoenrollment in Windows Server 2003:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
    Advanced certificate enrollment:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
    Web enrollment:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
    EFS:
    http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
    CRLs:
    http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx

    And think about which smart cards to use since this will influence your
    deployment. Some CSPs (Crypto Service Providers) are already included in
    Windows and some you have to buy and later deploy in your environment.

    -- 
    Mike
    Microsoft MVP - Windows Security
    "Eddie" <Eddie@discussions.microsoft.com> wrote in message 
    news:E985CE36-F7C6-4C38-960F-8B624553C570@microsoft.com...
    > Here is my issue. I want my Administrators to need to use smart card or some
    > type of secondary authentication when they log in as a domain/enterprise
    > admin. I was thinking of using a USB as the 2nd part authentication. Does
    > anyone know how to set this up? I would like to use something built into
    > Windows like PKI etc. Thanks.
    
