Results 1 to 5 of 5

Thread: Smart card is required for interactive logon

  1. #1
    Join Date
    Jan 2009
    Posts
    1

    Smart card is required for interactive logon

    Need some urgent suggestions from you all. In our Office, there are many people who need to login with their Smart Card and many who can login Without Smart Card. But there is just one guy whom we haven’t assign the card and hence we setup his account to login by entering username and password.

    But the problem is that every day he comes to office, he need to call me, I need to go to AD and uncheck the box for "Smart card is required for interactive logon" so that he can work for that particular day but this process needs to be repeated again next day.

    Is there are any permanent work around for this? Please give some advice.

  2. #2
    Join Date
    Jan 2010
    Posts
    1
    Yep, there is a trick in Registry where you can make some change to fix this. Just open the registry editor and navigate to the following location:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
    Here you will find an entery named ScForceOption. Just double click this entry and change its value to 0 (zero).

  3. #3
    Join Date
    Mar 2010
    Posts
    1

    Re: Smart card is required for interactive logon

    On a related note, has anyone had an issue where if they want to turn on "Require Smart Card" for certain privileged accounts in active directory, it works, but if you then untoggle the "Require smart card" attribute on the user object, it seems to invalidate the active directory user account password, needing a manual password change. The password last set attribute still shows the time of the previous AD password change, but it just seems that toggling "require smart card" mangles it and doesn't update the password last set attribute in AD.

  4. #4
    Join Date
    Aug 2010
    Posts
    1

    Re: Smart card is required for interactive logon

    We are just starting to look at using SmartCards and I am seeing the exact same thing. Can anyone point to a Microsoft doc that describes the relationship between the SmartCard and AD passwords?

  5. #5
    Join Date
    Aug 2006
    Posts
    209

    Re: Smart card is required for interactive logon

    Smartcard logon in part works by having a Domain Controller template based certificate in the authenticating domains local computer certificate stores. In the more straightforward scenario of an Enterprise Certificate Authority, where information regarding the installed CA is stored in the forest AD, the domain controller certificate is auto enrolled to the domain controller as a matter of course. That can make for a nice starting place for configuring smartcard logon to work in your environment.
    Blessings to you

Similar Threads

  1. Replies: 2
    Last Post: 27-05-2009, 06:50 PM
  2. Account as a service without Interactive logon?
    By CaspaR in forum Small Business Server
    Replies: 2
    Last Post: 28-11-2008, 11:19 PM
  3. Smart Card Certificate based logon with Windows XP SP2
    By Kr8zyCanuck in forum Operating Systems
    Replies: 2
    Last Post: 05-11-2008, 05:17 PM
  4. Smart Card Logon
    By Lindberg in forum Windows Security
    Replies: 5
    Last Post: 16-09-2008, 04:00 PM
  5. Replies: 1
    Last Post: 05-03-2008, 03:46 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,653,656.12695 seconds with 17 queries