Solved

Configure a Windows USB key for client logins

Posted on 2006-06-26
4
245 Views
Last Modified: 2010-04-11
Hi,

I am looking for a way to have my users login to there Windows XP Pro workstations using a USB memory key. I would want them to connect the key to a USB slot and just have to enter a PIN in order for them to automatically login to windows without having to enter a username or password, just a PIN.

I do not want to use any third party applications or softwares. I would like to set this up myself using Microsoft Windows. I currently have 3 servers that are domain controllers and run AD. I have about 20 workstations at one site.

I would like to know how to configure the memory key to hold a PKI if needed and how to configure the OS end. Any suggestions would definitely be appreciated.

Thank you,

Sergio
0
Comment
Question by:serg2626
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 7

Accepted Solution

by:
Okigire earned 500 total points
ID: 16993165
As far as I know, this can't be done natively with Windows.  You don't need to use 3rd party software per se, but if you don't you will have to custom develop your own software to interact with Windows.  As far as I know, the only login method Windows has "built in" is for smartcards.  Otherwise, you will have to modify the authentication system yourself.

I haven't done this myself, but have seen many resources on developing this... search for GINA for Windows authentication and you should get more information about the auth library and development information.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17160935
MS is recommending 3rd party tools themself:

http://www.microsoft.com/windowsserver2003/partners/rmspartners.mspx

SafeNet technology offers USB authentication tokens that eliminate user names and passwords; SSL acceleration devices providing fast and secure online transactions; software security, and licensing products preventing software piracy.

With windows vista, you can use bitlocker:

http://www.microsoft.com/technet/windowsvista/security/bittech.mspx
BitLocker offers the option to lock the normal boot process until the user supplies a PIN, much like an ATM card PIN, or inserts a USB flash drive that contains keying material. These additional security measures provide multi-factor authentication and assurance that the computer will not boot or resume from hibernation until the correct PIN or USB flash drive are presented.


Tolomir
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question