Solved

Smart Card solution for PC access in a active directory domain environment

Posted on 2016-07-28
4
83 Views
Last Modified: 2016-08-21
We have a small office. 1 Domain Server running windows server 2008.  12 computers (6 laptops and 6 desktops).  Looking for a system that will allow us to login by swiping a card.
0
Comment
Question by:rrincones
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 41

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41733615
You need a few things...

1. A Certificate Authority - You can do this with Windows Server. Install the AD Certificate Services role. https://www.youtube.com/watch?v=8IVrQRkoDhg should go over the process of getting this set up.
2. A smart card writer
3. Smart card readers on all machines

There isn't a way to do login with a card "swipe," though. Smart cards have to be inserted and remain inserted throughout the session. If the card is removed, it will usually force logoff. The smart card stores a copy of the assigned user's Certificate and Private Key, which are used to authenticate and decrypt communications, so removing the smart card will usually result in communication with AD failing, so the card has to be inserted the entire time you're logged in.
1
 

Author Comment

by:rrincones
ID: 41733805
ok. thank you.

any particular brand for reader and writer?
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 41753244
Not really. Anything that can read a smart card will do. The technology is very lightweight, so there probably isn't much difference between brands.
0
 

Author Closing Comment

by:rrincones
ID: 41764772
thank you very much.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question