Solved

Configure a Windows USB key for client logins

Posted on 2006-06-26
4
242 Views
Last Modified: 2010-04-11
Hi,

I am looking for a way to have my users login to there Windows XP Pro workstations using a USB memory key. I would want them to connect the key to a USB slot and just have to enter a PIN in order for them to automatically login to windows without having to enter a username or password, just a PIN.

I do not want to use any third party applications or softwares. I would like to set this up myself using Microsoft Windows. I currently have 3 servers that are domain controllers and run AD. I have about 20 workstations at one site.

I would like to know how to configure the memory key to hold a PKI if needed and how to configure the OS end. Any suggestions would definitely be appreciated.

Thank you,

Sergio
0
Comment
Question by:serg2626
4 Comments
 
LVL 7

Accepted Solution

by:
Okigire earned 500 total points
ID: 16993165
As far as I know, this can't be done natively with Windows.  You don't need to use 3rd party software per se, but if you don't you will have to custom develop your own software to interact with Windows.  As far as I know, the only login method Windows has "built in" is for smartcards.  Otherwise, you will have to modify the authentication system yourself.

I haven't done this myself, but have seen many resources on developing this... search for GINA for Windows authentication and you should get more information about the auth library and development information.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17160935
MS is recommending 3rd party tools themself:

http://www.microsoft.com/windowsserver2003/partners/rmspartners.mspx

SafeNet technology offers USB authentication tokens that eliminate user names and passwords; SSL acceleration devices providing fast and secure online transactions; software security, and licensing products preventing software piracy.

With windows vista, you can use bitlocker:

http://www.microsoft.com/technet/windowsvista/security/bittech.mspx
BitLocker offers the option to lock the normal boot process until the user supplies a PIN, much like an ATM card PIN, or inserts a USB flash drive that contains keying material. These additional security measures provide multi-factor authentication and assurance that the computer will not boot or resume from hibernation until the correct PIN or USB flash drive are presented.


Tolomir
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question