Requiring Smart Card logon

Windows allows a user to log on with a smart card whenever a smart card reader is detected and a smart card logon certificate is available at logon. By default, however, Windows does not require a smart card for logon even when one is available. You can set the following Group Policy security setting to force the use of a smart card.

Before setting this policy, make sure you have an emergency access process in place for users who lose their smart card or whose smart card is blocked. You can provide users (such as traveling employees) with a second card or token, or you can set up an alternative logon process (such as OTP-based). For smaller deployments, an alternative is to leave password-based logon enabled but randomize the passwords for all users, so that the password is not known to the user. When a user needs emergency access, the administrator can reset the password and allow the user to use the password until the smart card is unblocked or replaced with a new one.

Policy:       Interactive logon: Require smart card
Key:          scforceoption
Default:      Disabled
Description:  This security policy setting requires users to log on to a computer by using a smart card.
              Enabled:  Users can only log on to the computer by using a smart card.
              Disabled: Users can log on to the computer by using any method.
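To confirm that the setting is in effect on a machine, the following added example (not part of the original article) reads the policy value and reports its state. It assumes the policy is stored as the DWORD value scforceoption under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; the function name and its ComputerName parameter are hypothetical, and remote queries assume PowerShell remoting is enabled.

```powershell
# Added example: audit "Interactive logon: Require smart card" (scforceoption).
# Assumption: the policy is the DWORD value below; 1 = Enabled, 0 or absent = Disabled.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName  = 'scforceoption'

function Get-SmartCardLogonRequirement {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Computers to query; defaults to the local machine only.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Runs on the target: returns the raw DWORD, or nothing if the value is not set.
    $probe = {
        param($Path, $Name)
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { [int]$item.$Name }
    }

    foreach ($computer in $ComputerName) {
        $raw = $null
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $raw = & $probe $PolicyPath $ValueName
            } else {
                $raw = Invoke-Command -ComputerName $computer -ScriptBlock $probe `
                    -ArgumentList $PolicyPath, $ValueName -ErrorAction Stop
            }
            # An absent value means the policy was never set, so the default applies.
            if     ($null -eq $raw) { $state = 'Disabled (not configured)' }
            elseif ($raw -eq 1)     { $state = 'Enabled' }
            elseif ($raw -eq 0)     { $state = 'Disabled' }
            else                    { $state = "Unexpected value: $raw" }
        } catch {
            $state = "Query failed: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            ComputerName      = $computer
            State             = $state
            SmartCardRequired = ($raw -eq 1)
        }
    }
}

# Report the policy state for the local machine.
Get-SmartCardLogonRequirement | Format-Table -AutoSize
```

A machine that reports anything other than Enabled still accepts other logon methods, which is the default behavior described above.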
