Smart card required for interactive logon
Hi ,
what is the meaning of these in AD. These options are available in user properties in the Account TAb.
1-Smart card required for interactive logon.
2-Account is trusted for delegation
3-Account is senstive cant be delegated
4-Use kerberos DES
5-Dont Require Kerberos
Regards
Anil
Hello,
You will have to logon to domain using a Smart Card. Interactive logon: Require smart card
Allows a service running under this account to perform operations on behalf of other user accounts on the network. A service running under a user account (otherwise known as a service account) that is trusted for delegation can impersonate a client to gain
access to resources on the computer where the service is running or to resources on other computers
You can use this option if the account, for example a Guest or temporary account, cannot be assigned for delegation by another account.
Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption.
Provides support for alternative implementations of the Kerberos protocol.
For a full explanation refer to below links:
Understanding User Accounts
Delegating authentication
Regards.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?
Similar Messages
-
What are the video card requirements for running a 23" cinema display
What are the video card requirements for running a 22" cinema display(clear acrylic case) w/ a PC? My motherbaord is AGP. Thanks to anyone who can help.
Intel P4 3.0ghz Windows XPHi Lionel,
As a general rule of thumb, the ATI Rage 128 Pro will not support a 20" LCD. That being said, there are reports of it doing just that (possibly the edition that went into the cube).
I'm not that familiar with the ins and outs of the Cube, so I can't give you authoritative information on it.
A good place to start looking for answers is:
http://cubeowner.com/kbase_2/
Cheers!
Karl -
Smart card authentication for IOS device
I am just wondering if anyone was able to successfully implement smart card authentication for vty and console session. if anyone did, can you please point me to the documentation and the implementation guide? thanks
Actually, with the rsa key pair setup in ISO 15+, you can use a smart card to authenticate to cisco switches. I'm still working out all the details but you would need SecureCRT or Putty-CAC. SecureCRT allows you to export the public key from a pki cert and then import that into the switch/router. The disadvantage is you can only use the first cert in the list. Putty-CAC allows you to select which PKI cert you want to use but I haven't verified you can export the public key from a cert. If you contact me, I'll email you the info need to use use SecureCRT.
-
Smart Card login for ordinary folk
Hi,
I used to use the OpenSC project for Smart Card login, but I believe that with changes in OS X 10.8 it's no longer an option.
What affordable solutions are there for genuine Smart Card login for OS X 10.8? YubiKey doesn't support anything more than entering a static password pre-stored on the device, and when I last tried Rohos it was abysmal.I'm guessing that since you are not entering a password, the sparse bundle is not being unlocked. I don't know of a way to tie it to the smart card login. It sounds similar to when you put a different password on your default keychain. It won't unlock on login because you are not entering its password.
-
Smart card development for desktop applications
I'm totally new to smart cards and would like to get learn some about it. I'd like to build programs which have simple interaction with a smart card for storing information there and light processing.
I thought about buying Gemplus 430USB reader.
Could someone suggest a java card for me?
P.S.
How hard (if at all) is it to build the most simple application and install it on a smart card?I'm totally new to smart cards and would like to get
learn some about it. I'd like to build programs which
have simple interaction with a smart card for storing
information there and light processing.
I thought about buying Gemplus 430USB reader.I don't know this reader, just make sure it's PC/SC compliant. You shouldn't have to spend more then $20 on a reader that you can develope with. The American Express Blue or Visa readers would do fine(I use the Amex Blue) and they are free if you get the credit card(at least in the United States).
Could someone suggest a java card for me?I use IBM's JCOP10. It's IBM's low cost JavaCard.
You can probably purchase one from my company
www.orga.com
>
P.S.
How hard (if at all) is it to build the most simple
application and install it on a smart card?Depends on your programming ability. -
Hi everybody, I'm new in this topic...
I want install a Smart Card reader on my Thinkpad T410 2537-WBB but I don't say what I need. There are two component, the 60Y5029 and the 60Y5030...what is the right one? And I must also buy a cable 45M2894? Thanks and sorry for my english
Solved!
Go to Solution.h2bazza wrote:
Thanks wditters!! What is the difference between 60Y5029 and 60Y5030? Can you suggest me a store?
The difference is possibly a brand thing, for instance Gemplus and or another brand. Not a clue and not really important. Any Lenovo dealer should be able to order the parts directly form IBM. End users cannot.
Lenovo Premium Business Partner
X1 Carbon Touch | i7-3667U | 8Gb | 256Gb | HD 4000 | 14HD+ | WWAN | W8.1 Pro RTM x64 | -
Why XL line cards required for OTV?
According to Cisco's website, there are specific types of line cards required to support OTV on N7K (N7K-8 port 10GbE with XL options, or N7K-48 port 10/100/1000 Module with XL option).
Q1: Do I have to use the physical ports on those line cards to make OTV related interfaces? Can I use logical interfaces, and use physical ports on those line cards for non-OTV connectivity, such as used as a layer 2 access port?
Q2: Since OTV feature is enabled globally, why the requirements for specific line cards in the first place? What the features/services provided by the line cards for OTV operations?
Thanks.Has anyone seen design docs that suggest using 10-Gig ports for the OTV interfaces? I know the Q&A indicates support for all M1 line cards (not F1 or F2), but I'm wondering if there's any clearly defined design reason for not using the 1-G line cards for this (such as the N7K-M148GS-11L).
I'm basically asking if it would be recommended (for a system with no additional open 10-G ports) to purchase another 10-G blade (such as the N7K-M108X2-12L at $27), or could we do the job with spare ports on an existing 1-G card? I've been through several docs, and while none of them indicate 10-G connectivity is mandatory, I'm hoping for a reason why Cisco might be pushing/recommending this for any size of OTV deployment.
Thank you. -
Hello everybody,
I have a T510 4313-CTO with a contact smart card reader.
I just wanted to know if the contactless smart card reader 60Y5031 is both contactless and contact reader or contactless only.
If it's contactless only, is there an option to have both in the machine ?
It's kind of difficult to find infos about it.
Thanks,
Vince.
Knowledge is of two kinds. We know a subject ourselves, or we know where we can find information on it.
ThinkPad T510 4313-CTO Windows 8 x64 - Intel Core i7-620M - NVIDIA NVS 3100M - 8GB RAM - 240GB SSD- Intel Centrino Ultimate-N 6300 - Gobi 2000.
ThinkPad Helix 3697-CTO Windows 8.1 x64 - Intel Core i7-3667U - Intel HD Graphics 4000 - 8GB RAM- 256GB SSD - Intel Centrino Advanced-N 6205 - Ericsson C5621gw
Solved!
Go to Solution.Vince69 wrote:
Hello everybody,
I have a T510 4313-CTO with a contact smart card reader.
I just wanted to know if the contactless smart card reader 60Y5031 is both contactless and contact reader or contactless only.
If it's contactless only, is there an option to have both in the machine ?
It's kind of difficult to find infos about it.
Thanks,
Vince.
You can slide a card into it, I have yet to get it to recognize a contactless card without sliding it in. -
I had problems with Aperture 3.4.1. It was telling me that my video card isn't supported. Funny thing is I was using it earlier today. I trashed the application and downloaded it again. Now it hangs up and won't load or I get the occasional note that the graphics card doesn't meet requirements.
All,
One last trip to the well today and seems llike it is resolved. The end fix was to create a new user account and then drag my data over from my existing user account. It seems that there was something within my existing user library that was currupting Aperture causing it to fail to at launch. Couldn't figure out what exactly, but this seems to have done the trick. Now i have been working for the better part of the day in a stable manner. I will update in another day assuming all is well. Good luck if you have this problem it is a total pain in the a**. -
Software and Interface card required for DNP3 communication with a protection relay?
I am looking to build a SCADA Master to perform DNP3 communication between the Master and an Outstation device. I would like to know apart from the Ni - Industrial comm software is there any other Interface card I require to accomplish this task?
According to this article, that’s all you need. Just make sure you run applications as an administrator and that you don’t have any type of network restrictions. Since you have it installed, I encourage you to test the functionality/connectivity through the shipping examples, which are located on your hard disc at ...LabVIEW XXX\examples\DNP3 folder (also visible at the NI Example Finder). You can modify an example VI to fit an application, or you can copy and paste from one or more examples into a VI that you create.
Alejandro | Academic Program Engineer | National Instruments -
What are the requirement for sap logon...
HI expert ,
i am working on remote site and i want install sap logon i have a hostname ,sap roting string system id , and instance no.i configured it but i am not able
connect to application server message showing...
partner sap routstring ip(115.115......:3299 not reached
time
component-ni
release720
version40
module-nixxi.cpp
line-3286
method-nipconnect
return code
error no 10061
error text wsaeconnrefused connection refused
counter -7Hello Ashish,
then you may need to check the router string carefully if it is correct. "connection refused" in your error message means, that either the program is not running and not listening to the port 3299 on the affected server, or connection data are wrong. Do you have a SAProuter trace and did SAProuter notice in the trace, that you are trying to connect to it?
regards,
Alwina -
Windows 8.1 default logon prompt for smart card instead of username/password
Hello,
We are currently in our pre-deployment test phase for Windows 8.1 and are trying to knock out the high visibility problems that we notice. One of the issues we've noticed:
When logging into Windows, the default prompt is for a username/password. all of our users are using smart cards, so they have to click "sign-in options", click the smart card icon, and then enter their PIN. How would I change the startup
screen to default to smart card?
Also, when locking the screen by removing the card it again prompts for the username/password when unlocking the screen. So the users again have to click on "sign-in options" and select the smart card, otherwise they risk locking out their
account by entering the PIN in the username/password field.
when locking the screen via ctrl-alt-del or windows-L unlocking does default to the smart card, so I know it can be done!
thanks,
-NickHi,
I'm afraid we couldn't change the Sign-in Options order, I checked GP and Registry, there is no way to do it.
However, there is another way is just enable "Require smart card" In GP. While after this policy enabled, All users will have to use smart cards to log on to the network. This means that the organization must have a reliable public key infrastructure (PKI)
in place, and provide smart cards and smart card readers for all users.
Location: GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Roger Lu
TechNet Community Support -
Use smart card for 802.1x secured WiFi authentication
Hi,
is it possible to use a certificate stored on a USB Security Token for WiFi 802.1x authentication?
I have setup a test environment with all required components (AD, Enterprise CA, NPS, WPA2-Enterprise capable WiFi Access Point, all required certificates, all Server 2012 R2 / Windows 8.1 Pro) and created a user certificate for WPA2-Enterprise secured
WiFi access (802.1x). Everthing works fine as long as the user certificate is stored in the local certificate store of the user's client computer: The user can connect to the WiFi network and the NPS logs show that the user has been authenticated correctly
and granted access.
To test this scenario with a Smart Card (Safenet USB Token), I stored that same user certificate on the token (incl. private key). The Safenet software on the client computer automatically makes the certificate stored on the token available in the local
certificate store as soon as the token has been plugged in (checked via MMC Certificates snap-in). But the certificate can't obviously be used for the desired WiFi authentication: If I try to connect the secured WiFi (the same as in scenario 1) the connection
fails.
As I'm using exactly the same certificate in both scenarios, I don't think there's anything wrong with the settings in the certificate, the NPS or any other infrastructure component. The reason for failure in scenario 2 must be lying somewhere in either
the local client computer configuration or in the Safenet software on the client computer.
I'm very familiar with all the PKI and authentication stuff, but I'm new to smart cards. Are there differences between different types of smart cards and for what purpose one can use them? (USB tokens, chip cards, virtual tokens, etc.?)
Has anybody experience in creating a 802.1x secured WiFi access with smart card based user certificates who could advise?
Thanks + Best Regards
MattHi,
I found some links form technet site which can be helpful in this case
Network access authentication and certificates
http://technet.microsoft.com/en-us/library/cc759575(v=ws.10).aspx
Enable smart card or other certificate authentication
http://technet.microsoft.com/en-us/library/cc737336(v=ws.10).aspx
Quote:
Client certificate requirements
With EAP-TLS or PEAP-EAP-TLS, the server accepts the client authentication attempt when the certificate meets the following requirements:
The client certificate is issued by an enterprise CA or mapped to a user or computer account in Active Directory.
The user or computer certificate on the client chains to a trusted root CA, includes the Client Authentication purpose in EKU extensions (the object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2), and fails neither the checks that are performed
by CryptoAPI and specified in the remote access policy nor the Certificate object identifier checks that are specified in IAS remote access policy.
The 802.1X client does not use registry-based certificates that are either smart card-logon or password-protected certificates.
For user certificates, the Subject Alternative Name (SubjectAltName) extension in the certificate contains the user principal name (UPN).
For computer certificates, the Subject Alternative Name (SubjectAltName) extension in the certificate must contain the client's fully qualified domain name (FQDN), which is also called the DNS name
Yolanda Zhu
TechNet Community Support -
I am using pretty much the default setup. I cannot figure out how to disable this. I do not want to use smart cards.
Any ideas?Does this mean you're trying to RDP from an XP box, therfore have the Remote Desktop feature on the server set to "less secure"? Sounds like thats what disables network authentication, prompting the Smart Card request.
If you simply click to login as a different user, you can login without a smart card, to include the same user as was being prompted for the card.
I expect if you choose the Remote Desktop feature requires network authentication on the server, the smart card requirement goes away, but you'll need to login from Win7 or newer clients. Not sure where Vista falls, probably okay too. -
Java Game Smart Card Implementation
Hi,
As an assignment i have been told to design a smart card application,(theory only). My idea was that of cross-platform java games that could be stored on a smart card,so for example:
-the smart card could be used in PC and mobile (allowing games to be restarted at the same stage).
-the card would store high scores, character info, and background environments
- the card could send game data to friends, by either using the smart card in their devices or via the internet extracting and downloading from the card, or better still off the phone to anothers phone by selecting them from the address book
I was wondering if there were any other ideas that i could use, and more importantly the technical details of how to implement such a card
-ie which card
-how much memory
-the equipment required
I would appreciate all the help you could give me, and it is quite an interesting topic.
thanks
jaghttp://forum.java.sun.com/thread.jsp?forum=23&thread=357393&tstart=0&trange=15
Maybe you are looking for
-
How can I import *just* the new images in a folder?
Is there anyway to import only the images within a folder that aren't already in the library? This seems to be the default behavior in Lightroom and makes really good sense. If I add an image to a folder without doing so in Aperture, I'd really like
-
Character Direction override in Word 2003 imports
I've searched for Character Direction and seen mainly mentions of ME and foreign language conversions right to left and left to right. We do not use ME or any foreign language features. The behavior I'm troubleshooting for InDesign CS5 7.0.3 importin
-
I want to post the values of the form in the same Jsp Page
I want to post the values of the form in the same Jsp page.
-
ITunes not displaying some songs on Library
Okay I've had this problem for quite sometime and it's been bugging me because I have no idea how to fix it. It seems that whenever I change the actual file name of the song (ie. songs that I've ripped from CD's that that say "Track 1" I just change
-
Loading albums - to keep them as albums
I want to load albums so I can select and play them as albums. Don't want the tracks extracted and presented as one long list which is what's happened on loading my albums.. So can someone explain how I load albums so I can select that album and play