Re: certificate authentication

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/28/05 

Date: Thu, 28 Apr 2005 16:38:02 -0500

He will need a smart card for each user account. You can manage what
computers a user logs onto a couple of ways. In a users account in Active
Directory Users and Computers you can specify the domain computers the
domain user can logon to. The other way is to modify the user rights for
logon locally and demy logon locally for a computer. Keep in mind that deny
logon locally overrides any allow override logon locally and that
administrators are also members of users and everyone groups. User rights
can be managed in Local Security Policy or at the domain or Organizational
Unit level for groups of computers with like needs. For domain controllers
use Domain Controller Security Policy to manage user rights. Security
policy/security options can also be used to force users to use smart cards
and the behavior for smart card removal for computers. --- Steve

"Roberto Murasso (Tiscali)" <rmurasso@tiscalinet.it> wrote in message
news:%23KNVSADTFHA.3376@TK2MSFTNGP10.phx.gbl...
> Hi,
> I have a Windows 2003 server domain with Active Directory on and an
> Enterprise Certification Authority.
> The problem is :
> I have a phisical person who has two AD accounts, one as user and onother
> as administrator
> I have to give to him a smart card and remove the user name/password logon
>
> Can I generate two authentication certificates on the same samrt card?
> Can I choose (using windows logon) wich user log to the system?
> Do I have any component to modify/create to do this ?
>
> At the end of all, is this thing possible?
>
> Hope in your help
>
>

Relevant Pages

  • Re: prevent users from logging onto... (AD)
    ... You can restrict what domain computers ... a domain user logs onto in their user account properties in AD Users and ... To prevent logon to multiple computers you could look at using ... be to implement smart card logon and require user to use smart card and that ...
    (microsoft.public.windows.server.active_directory)
  • Re: prevent users from logging onto... (AD)
    ... You can restrict what domain computers ... a domain user logs onto in their user account properties in AD Users and ... To prevent logon to multiple computers you could look at using ... be to implement smart card logon and require user to use smart card and that ...
    (microsoft.public.windows.server.setup)
  • Re: prevent users from logging onto... (AD)
    ... You can restrict what domain computers ... a domain user logs onto in their user account properties in AD Users and ... To prevent logon to multiple computers you could look at using ... be to implement smart card logon and require user to use smart card and that ...
    (microsoft.public.windows.server.security)
  • Re: prevent users from logging onto... (AD)
    ... You can restrict what domain computers ... a domain user logs onto in their user account properties in AD Users and ... To prevent logon to multiple computers you could look at using ... be to implement smart card logon and require user to use smart card and that ...
    (microsoft.public.windows.server.general)
  • Re: Preventing Simultaneous Logins
    ... limit the domain computers a user logs onto in the account properties and can use the ... access this computer from the network user right to restrict what network computers a ... > workstation and attempted to log on to another machine the user would be ...
    (microsoft.public.win2000.networking)