Hi folks,
Anyone out there with a really functional and detailed guide to enable 3rd party smartcard logon to Windows?
So far I've seen stuff that's inaccurate and/or out dated.
Thanks a bunch.
~dannyCS
3rd party smartcard logon
- 468 Views
- Last Post 14 August 2019
daemonr00t
posted this
11 August 2019
daemonr00t
posted this
12 August 2019
Anyone out there?
~s
Sent from Windows Mail
Ravi.Sabharanjak
posted this
13 August 2019
Does this help?
https://support.microsoft.com/en-us/help/281245/guidelines-for-enabling-smart-card-logon-with-third-party-certificatio
In short:- install smart card capable cert on DCs. We use one that also has our ldap vip name in the SAN.- create templates for smart card enrollment.- install drivers- set account options to require smart card. (Optional)- group policy on devices to require smart card for logins.(optional)- install smart card drivers.
We use an internal pki for the cards, external should work as long as the chain is trusted.
If you lock down accounts and servers to smart cards, be aware that there is no access if there is an issue with the pki infra.
Recently, I heard about a product (Entrust?) That uses your phone to store the identify cert, instead of a physical card. Would be interested in learning more about this if anyone has tried this.
-Ravi
chriss3
posted this
13 August 2019
It all depends on the 3rd party implementation, you’re saying 3rd party Smart Cards – this can be everything from having their own CSP, Min-driver, Middleware.
Or do you mean a 3rd party CA for issuing Certificates for Smart Cards?
I have ben working this 3rd party for example:
https://www.secmaker.com/en/secmaker
daemonr00t
posted this
14 August 2019
Thanks so much!
There’s a glitch in the formatting of the cert.
I guess we’ll have to that address or explorer another provider.
Thank you both Ravi and Christoffer again.
~danny
Sent from Mail for Windows 10
