Solved

Smart Card solution for PC access in an Active Directory domain environment

Posted on 2016-07-28
Last Modified: 2016-08-21
We have a small office. 1 Domain Server running Windows Server 2008. 12 computers (6 laptops and 6 desktops). Looking for a system that will allow us to log in by swiping a card.
Question by:rrincones
Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41733615
You need a few things...

1. A Certificate Authority - You can do this with Windows Server. Install the AD Certificate Services role. https://www.youtube.com/watch?v=8IVrQRkoDhg should go over the process of getting this set up.
2. A smart card writer
3. Smart card readers on all machines

There isn't a way to do login with a card "swipe," though. Smart cards have to be inserted and remain inserted throughout the session. If the card is removed, it will usually force logoff. The smart card stores a copy of the assigned user's Certificate and Private Key, which are used to authenticate and decrypt communications, so removing the smart card will usually result in communication with AD failing, so the card has to be inserted the entire time you're logged in.
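Added example, not part of Adam Brown's answer: a read-only PowerShell check for one domain PC that reports whether a smart card reader is detected, whether the smart card services are running, and what Windows is configured to do when the card is removed (the "Interactive logon: Smart card removal behavior" policy). The registry values and service names are the standard Windows ones; the function names are made up for this example.

```powershell
# Added example: read-only audit of smart card logon settings on one domain PC.
# Run from an elevated PowerShell prompt on the workstation being checked.

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-SmartCardLogonState {   # hypothetical name, made up for this example
    # "Interactive logon: Smart card removal behavior" is stored as a string 0-3.
    $removeMap = @{
        '0' = 'No Action'
        '1' = 'Lock Workstation'
        '2' = 'Force Logoff'
        '3' = 'Disconnect if a Remote Desktop Services session'
    }
    $remove = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'ScRemoveOption'
    if ($remove -eq $null) { $remove = '0' }   # value absent: Windows takes no action

    # "Interactive logon: Require smart card": 1 means password logon is refused.
    $force = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'scforceoption'

    # SCardSvr talks to the reader; SCPolicySvc enforces the removal behaviour.
    $svc = @{}
    foreach ($name in 'SCardSvr', 'SCPolicySvc') {
        $s = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($s) { $svc[$name] = "$($s.Status)" } else { $svc[$name] = 'Not installed' }
    }

    # Devices in the smart card reader setup class.
    $readers = @(Get-WmiObject Win32_PnPEntity |
        Where-Object { $_.ClassGuid -eq '{50DD5230-BA8A-11D1-BF5D-0000F805F530}' } |
        ForEach-Object { $_.Name })

    New-Object PSObject -Property @{
        Readers          = $readers -join '; '
        SCardSvr         = $svc['SCardSvr']
        SCPolicySvc      = $svc['SCPolicySvc']
        RemovalBehaviour = $removeMap["$remove"]
        RequireSmartCard = ($force -eq 1)
    }
}

$state = Get-SmartCardLogonState
$state | Format-List
if ($state.RemovalBehaviour -ne 'No Action' -and $state.SCPolicySvc -ne 'Running') {
    Write-Warning 'Removal policy is set but SCPolicySvc is not running, so it will not be enforced.'
}
```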
 

Author Comment

by:rrincones
ID: 41733805
OK. Thank you.

Any particular brand for reader and writer?

Expert Comment

by:Adam Brown
ID: 41753244
Not really. Anything that can read a smart card will do. The technology is very lightweight, so there probably isn't much difference between brands.

Author Closing Comment

by:rrincones
ID: 41764772
Thank you very much.