Re: Smartcard offline login and XP laptops



One correction.
When working with Windows XP, the client can only cache one of:
- username/password logon
- smart card logon
Whichever one they did last when connected to the network will be cached.
If they are using Vista, then both the username/password and smartcard logon will be cached, allowing either authentication method when not connected to the network (as long as they logged on at least once while connected with each authentication method).
Brian

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:O841NubTJHA.6028@xxxxxxxxxxxxxxxxxxxxxxx
From: "Tariq" <Tariq@xxxxxxxxxxxxxxxxxxxxxxxxx>

| Can anyone provide me with some guidance and recommendations on the use of
| smartcards and offline login with Windows XP based client laptops?

| My organization currently issues XP based laptops attached to our corporate
| domain to our global user base. The current image/configuration uses cached
| logins to enable offline login using a user's AD credentials to the local
| machine.

| I'm in the midst of deploying a Windows 2008 based PKI environment to
| support smartcard based logins. We're going to be deploying smartcards with
| mandatory login to a small number of laptop users, but I'd like to see that
| they have the same functionality as our non-smartcard based users in that
| they should be able to log in to their laptops while disconnected from our
| corporate network. I've seen some references online to the effect that the
| smartcard login is also "cached" to enable this ability, but I'd like to be
| able to reference to some definitive documentation to that effect.

| Thanks,

| Tariq

If the user uses cryptographic logons when connected to the Domain then their credentials
from their smart card will also be cached. When off lan and not connected to the Domain
controller they will still be able to use their respective Smart Cards to logon to their
notebooks using their cached credentials.

If you are not enforcing cryptographic logons and the user can logon with a Domain Name and
password as well as by using their Smart Card then you must make sure that the user does
BOTH kinds of logons prior to going off lan. This will ensure that all their credentials
will be cached and they can login with their Domain Name and password as well as by using
their Smart Card when off lan.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


