Re: GINA for Smart Card logon

Are you trying to control what happens when people remove their smart cards after logging on? We've already got group policy for that:

Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options |
Interactive logon: Smart card removal behavior = No action, Lock workstation, or Force logoff


--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"dxulee" <dxulee@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:B88C7298-BCBF-467D-AE04-D4458393C124@xxxxxxxxxxxxxxxx
You are right. But Windows XP will exist for a long time.So my company need
to support it.
Winlogon supports smartcards.But how can I receive WLX_SAS_TYPE_SC_REMOVE
in the funtion WlxLoggedOnSAS.When I remove smart cards, Winlogon does not
response to the action.


"Steve Riley [MSFT]" wrote:

Winlogon already supports smartcards. Why are you writing a new GINA? And
you do know the GINA is gone in Windows Vista/Server 2008, right?

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"dxulee" <dxulee@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2F78DBF8-A5B7-4052-BDFE-1C3BC5C5674E@xxxxxxxxxxxxxxxx
> Recently, I am writing a GINA for Smart Card logon.But I have a > problem.
>
> First, I installed PC/SC driver and invoked a function in > WlxInitialize
> like this
> WlxSetOption(g_hWlx, WLX_OPTION_USE_SMART_CARD, 1, NULL);When I remove > the
> smart card,winlogon looks as if it can not receive the
> WLX_SAS_TYPE_SC_REMOVE
> event.I do not known why. I think windows should send this message to
> winlogon.At last, I create a thread and try to get the message
> WM_DEVICECHANGE. If it occurs, I will invoke the funtion > WlxSasNotify.So I
> can receive the WLX_SAS_TYPE_SC_REMOVE event.But there is another
> problem.My
> computer may stop at the winlogon desktop and the default desktop may > be
> hidden.
>
> Who can give me some solution or suggestion ? And my os is windows xp > sp2
> Thanks very much.


.

Relevant Pages

  • Re: Help in implementing a PKI/Smart Card Infrastrucutre
    ... So your problem is actually buying the hardware (smart cards) and the ... software (Windows CSP)? ... I only use Enterprise Servers in my small business ...
    (microsoft.public.windows.server.security)
  • Re: Start a service instance for each Terminal Service session
    ... The service access the smart cards through the resource manager and the ... In Windows XP it seems almost OK without modification. ... service can list the remote smart card reader with SCardListReaders ... the Console Session with session ID 0. ...
    (microsoft.public.windows.terminal_services)
  • Re: Administrator Use
    ... Windows 2000 and later have built in support for Smart Cards. ... To use smart cards you have to set up (or use someone's PKI infrasturcture). ...
    (microsoft.public.security)
  • Offline Smart Card Logon
    ... It's possible to logon to windows xp via smart cards even there's no network ... Is it still possible to logon offline via smart cards when the CRL has ...
    (microsoft.public.windows.server.security)