Re: Smartcard offline login and XP laptops

From: "Tariq" <Tariq@xxxxxxxxxxxxxxxxxxxxxxxxx>

| Can anyone provide me with some guidance and recommendations on the use of
| smartcards and offline login with Windows XP based client laptops?

| My organization currently issues XP based laptops attached to our corporate
| domain to our global user base. The current image/configuration uses cached
| login's to enable offline login using a user's AD credentials to the local
| machine.

| I'm in the midst of deploying a Windows 2008 based PKI environment to
| support smartcard based logins. We're going to be deploying smartcards with
| mandatory login to a small number of laptop users, but I'd like to see that
| they have the same functionality as our non-smartcard based users in that
| they should be able to log in to their laptops while disconnected from our
| corporate network. I've seen some references online to the effect that the
| smartcard login is also "cached" to enable this ability, but I'd like to be
| able to reference to some definitive documentation to that effect.

| Thanks,

| Tariq

If the user uses cryptographic logons when connected to the Domain then their credentilas
from their smart card will also be cached. When off lan and not connected to the Domain
controller they will still be able to use their respective Smart Cards to logon to their
notebook susing their caced credentials.

Is you not enforcing cryptographic logons and the user can logon with a Domain Name and
password as well as by using their Smart Card then you must make sure that the user does
BOTH kinds of logons prior to going off lan. This will ensure that all their credentials
will be cached and they can login with their Domain Name and password as well as by using
their Smart Card when off lan.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


.

Relevant Pages

  • Smartcard offline login and XP laptops
    ... smartcards and offline login with Windows XP based client laptops? ... My organization currently issues XP based laptops attached to our corporate ... I'm in the midst of deploying a Windows 2008 based PKI environment to ...
    (microsoft.public.security)
  • Slow Login with Cached Credentials
    ... I am having an issue with many XP SP2 Dell Lattitude D6xx laptops. ... Of course when they are on the network and there is a domain controller ... All laptop users have both a login and logoff script (assigned via GPO to the ... REM Disconnect existing network mappings - do not prompt the user ...
    (microsoft.public.windowsxp.network_web)
  • Slow Login with Cached Credentials
    ... I am having an issue with many XP SP2 Dell Lattitude D6xx laptops. ... Of course when they are on the network and there is a domain controller ... All laptop users have both a login and logoff script (assigned via GPO to the ... REM Disconnect existing network mappings - do not prompt the user ...
    (microsoft.public.windowsxp.general)
  • How does your company handle this issue?
    ... We are migrating to a Windows 2003 AD domain with password changes required ... We are considering making all of our laptops non-domain members. ... simply login to the local machine. ...
    (microsoft.public.win2000.active_directory)
  • Re: Slow Login with Cached Credentials
    ... All affected laptops are memebers of a domain. ... Of course when they are on the network and there is a domain controller ... All laptop users have both a login and logoff script (assigned via GPO to the ... REM Disconnect existing network mappings - do not prompt the user ...
    (microsoft.public.windowsxp.general)