Re: Smart Card Authenticatyion to standalone PC

From: Paul Adare <pkadare@xxxxxxxxx>
Date: Thu, 10 Jan 2008 06:37:59 -0600

On Thu, 10 Jan 2008 04:27:03 -0800, MattLaw wrote:

I have a PKI setup issuing certificates from the root CA onto Smart Cards.
these work fine for the machines that are connected to my domain for Windows
authentication.

The problem I have is there a a number of mobil PC units that do not connect
to the domain and use local accounts for authentication. I need to enable
these machines with the ability to use a smart card with cert for
authentication.

Can you install a copy of the root CA locally or generate a certificate for
a local user account so that this can be acheived?

The desktops are XP and Vista and the root CA is on a 2003 server.

You can't do this. Smart card logon in Windows requires Kerberos and there
is no kerberos when using local accounts. Join the mobile computers to the
domain and use domain accounts.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
You can't make a program without broken egos.
.

Prev by Date: Re: Messenger Service problem!
Next by Date: Re: Messenger Service problem!
Previous by thread: HELP ME PLEASE!!!! win32/renos.aor & win32/zlob
Next by thread: Re: Smart Card Authenticatyion to standalone PC
Index(es):
- Date
- Thread

Relevant Pages

RE: Windows Me/98 Client connecting to SQL W2k3
... I'm now trying to connect 50 machines across different countries. ... Windows ME and it has a correct MDAC. ... > SQL authentication we do not use. ...
(microsoft.public.sqlserver.connect)
Re: Domain Password Synchronisation
... Directory and reinstalled it with Win2K3 as a member server - as far as I ... If they log off and log back in they will again get into Windows ... Most authentication problems are really DNS ... CLIENT category and SERVER category machines. ...
(microsoft.public.windows.server.active_directory)
Re: Intranet app via remote location (Internet)
... I've always used Forms authentication in conjunction with my own SQL tables ... tried to utilize Active Directory for an internet application but I've had to ... I've not yet seen an elegant way to make Windows prompt the user for their ... client has an intranet with many machines connected to it and wants to host ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: IIS Authentication page problem
... machines and behaves differently on Windows 2000 and Windows NT machines:(. ... The virtual directory is set to anonymous authentication ... >> Under the IE options I've Prompt for Username and Password is set. ...
(microsoft.public.inetserver.iis)
Re: IIS 5.0 Integrated Authentication always looks locally than to the domian it has joined
... >> been the same as Ken, local accounts only unless specified ... > account so IE/IIS will use that and not prompt you ... I am talking of prompted login authentication, ... When prompted with Windows integrated authentication in use ...
(microsoft.public.inetserver.iis.security)