Solved

Configure a Windows USB key for client logins

Posted on 2006-06-26
4
239 Views
Last Modified: 2010-04-11
Hi,

I am looking for a way to have my users login to there Windows XP Pro workstations using a USB memory key. I would want them to connect the key to a USB slot and just have to enter a PIN in order for them to automatically login to windows without having to enter a username or password, just a PIN.

I do not want to use any third party applications or softwares. I would like to set this up myself using Microsoft Windows. I currently have 3 servers that are domain controllers and run AD. I have about 20 workstations at one site.

I would like to know how to configure the memory key to hold a PKI if needed and how to configure the OS end. Any suggestions would definitely be appreciated.

Thank you,

Sergio
0
Comment
Question by:serg2626
4 Comments
 
LVL 7

Accepted Solution

by:
Okigire earned 500 total points
ID: 16993165
As far as I know, this can't be done natively with Windows.  You don't need to use 3rd party software per se, but if you don't you will have to custom develop your own software to interact with Windows.  As far as I know, the only login method Windows has "built in" is for smartcards.  Otherwise, you will have to modify the authentication system yourself.

I haven't done this myself, but have seen many resources on developing this... search for GINA for Windows authentication and you should get more information about the auth library and development information.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17160935
MS is recommending 3rd party tools themself:

http://www.microsoft.com/windowsserver2003/partners/rmspartners.mspx

SafeNet technology offers USB authentication tokens that eliminate user names and passwords; SSL acceleration devices providing fast and secure online transactions; software security, and licensing products preventing software piracy.

With windows vista, you can use bitlocker:

http://www.microsoft.com/technet/windowsvista/security/bittech.mspx
BitLocker offers the option to lock the normal boot process until the user supplies a PIN, much like an ATM card PIN, or inserts a USB flash drive that contains keying material. These additional security measures provide multi-factor authentication and assurance that the computer will not boot or resume from hibernation until the correct PIN or USB flash drive are presented.


Tolomir
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now