[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 111
  • Last Modified:

Smart Card solution for PC access in a active directory domain environment

We have a small office. 1 Domain Server running windows server 2008.  12 computers (6 laptops and 6 desktops).  Looking for a system that will allow us to login by swiping a card.
0
rrincones
Asked:
rrincones
  • 2
  • 2
1 Solution
 
Adam BrownSr Solutions ArchitectCommented:
You need a few things...

1. A Certificate Authority - You can do this with Windows Server. Install the AD Certificate Services role. https://www.youtube.com/watch?v=8IVrQRkoDhg should go over the process of getting this set up.
2. A smart card writer
3. Smart card readers on all machines

There isn't a way to do login with a card "swipe," though. Smart cards have to be inserted and remain inserted throughout the session. If the card is removed, it will usually force logoff. The smart card stores a copy of the assigned user's Certificate and Private Key, which are used to authenticate and decrypt communications, so removing the smart card will usually result in communication with AD failing, so the card has to be inserted the entire time you're logged in.
1
 
rrinconesAuthor Commented:
ok. thank you.

any particular brand for reader and writer?
0
 
Adam BrownSr Solutions ArchitectCommented:
Not really. Anything that can read a smart card will do. The technology is very lightweight, so there probably isn't much difference between brands.
0
 
rrinconesAuthor Commented:
thank you very much.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now