Smart Card

23 July 2000 by Snakefoot | Comment » | Trackback Off
Description:
It is possible to use a plastic card (smart card) to login instead of using a keyboard to type username if having a smart card reader.
This service manages and controls access to a smart card inserted into a smart card reader attached to the computer.

There is registry entry that can enable additional protection from PKINIT-related vulnerabilities:

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Control \Lsa \Kerberos]
RequireAsChecksum = 1 (Default WinXP = 0)

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Control \Lsa \Kerberos \Parameters]
RequireAsChecksum = 1 (Default Win2k/Win2k3 = 0)

Note before enabling this setting on the client-machines, one should make sure that MS KB Q899587 is installed on the domain controller or else the smart card login will fail. More info MS KB Q904766

Recommended State:
  • Manual.
Default State:
  • Manual
Process Name:
  • SCardSvr.exe (SCardSvr)
Supports:
  • None
Depends:
Tags:
Category:

Updated: 23 September 2007

Leave a comment


You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>