Install the C2 Minidriver
Microsoft Windows require the C2 Minidriver to be installed on the client computer or server where the smart card certificate is used. Some C2 smart card support the Windows Plug and Play auto install on Windows 7 and above. For computers that do use these cards, or that do not support Plug and Play, download the C2 minidriver installer from tagliosc.com/download/tagliomd.zip and install the minidriver on every system you want to use the smart card.
Change the default Admin Key
The Card Admin key is a cryptographic key that is used to control certain functions on the card. The most important function is "Unblocking"� a smart card. This occurs when a user has forgotten their PIN, or has entered the wrong PIN too many times, blocking the card. If you don't change the default admin key, anyone that can access the card can unblock the user PIN.
The default Admin Key is:
�The key is forty eight (48) zeroes which represent 24 HEX bytes.
(The admin key is in fact a 3DES cryptographic key)
Windows does not provide a default tool to change the Admin key. All card management systems do have such functionality. For example, with Microsoft Forefront Identity manager (FIM) there is a "Diversify Admin Key"� option.
If you dont have a card management system, you can use the free vSEC:CMS utility provided on the Taglio site. To read how to use the utility to change the Admin key, see the vSEC:CMS forum.
Change the Default User PIN
The security of a smart card depends on the security of the card (something you have) and the User PIN (something you know). The PIN change functionality is built into Windows 7 and above: CTR/ALT/DEL, select "Change Password"�, select "Other Credentials", and then change the PIN. You can also use the vSEC:CMS utility to manage the PIN.
The default user PIN is "0000".
Enroll a Smart Card certificate on the card.
Confirm you have a Windows Domain server running with the Microsoft Certificate Authority, and make sure you have a usable Smart Card certificate template. Log on as the user. Run mmc.exe. Add the Certificate Snap In. Right click on the "Personal"� directory and select "Request New Certificate".
To learn more about setting up a Certificate Template on your Windows CA, and to enroll users, see the Windows Certificate Authority Forum.