Re: Smart Card Logon
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 20 Jul 2006 17:44:07 -0500
That can't be done since computer configuration Group Policy apples to all
users on that domain computer. You can configure user accounts in Active
Directory to require that they use smart card logon but that will apply to
any domain computer that they logon to. To me it seems to defeat the
security advantage of smart cards [multifactor authentication] by exempting
an account for smart card logon where there is an apparent need to otherwise
require smart card logon. Instead make sure that there is a user/group in
the local administrators group that has smart cards that can logon if need
be. Also you can simply undo the security option via Local Security Policy
or at the domain/OU level if that is where it is applied to not require
smart card logon to a domain computer when the need arises.
Steve
"JayW" <JayW@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A816C391-F797-4941-A0C0-35A8E91322F0@xxxxxxxxxxxxxxxx
I am trying to implement smart card required logon on my Win XP and Win2K
PC's on the network through the local computer security policy. I need to
restrict all users logging onto those PCs to use a smart card to logon
instead of the normal User ID and password. However, I need to exempt the
administrator account on the local machine from this policy. The security
template options are enabled and disabled but I need to add the local
administrator account as an exception from the smart card requirement. Is
there a way that the template can be edited so that exceptions can be
added
or is there a predefined template available from Microsoft? Bottom
line...can this be done?
.
- Prev by Date: Re: Smart Card Logon
- Next by Date: Re: offline files and folder redirection
- Previous by thread: Re: Smart Card Logon
- Next by thread: Re: Smart Card Logon
- Index(es):
Relevant Pages
|
