Smart card required for interactive logon

Hi ,
what is the meaning of these in AD. These options are available in user properties in the Account TAb.
1-Smart card required for interactive logon.
2-Account is trusted for delegation
3-Account is senstive cant be delegated
4-Use kerberos DES
5-Dont Require Kerberos
Regards
Anil

Hello,
You will have to logon to domain using a Smart Card. Interactive logon: Require smart card
Allows a service running under this account to perform operations on behalf of other user accounts on the network. A service running under a user account (otherwise known as a service account) that is trusted for delegation can impersonate a client to gain
access to resources on the computer where the service is running or to resources on other computers
You can use this option if the account, for example a Guest or temporary account, cannot be assigned for delegation by another account.
Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption.
Provides support for alternative implementations of the Kerberos protocol.
For a full explanation refer to below links:
Understanding User Accounts
Delegating authentication
Regards.
Mahdi Tehrani   |  
  |  
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?

Similar Messages

  • What are the video card requirements for running a 23" cinema display

    What are the video card requirements for running a 22" cinema display(clear acrylic case) w/ a PC? My motherbaord is AGP. Thanks to anyone who can help.
    Intel P4 3.0ghz   Windows XP  

    Hi Lionel,
    As a general rule of thumb, the ATI Rage 128 Pro will not support a 20" LCD. That being said, there are reports of it doing just that (possibly the edition that went into the cube).
    I'm not that familiar with the ins and outs of the Cube, so I can't give you authoritative information on it.
    A good place to start looking for answers is:
    http://cubeowner.com/kbase_2/
    Cheers!
    Karl

  • Smart card authentication for IOS device

    I am just wondering if anyone was able to successfully implement smart card authentication for vty and console session.  if anyone did, can you please point me to the documentation and the implementation guide?  thanks

    Actually, with the rsa key pair setup in ISO 15+, you can use a smart card to authenticate to cisco switches.  I'm still working out all the details but you would need SecureCRT or Putty-CAC.  SecureCRT allows you to export the public key from a pki cert and then import that into the switch/router.  The disadvantage is you can only use the first cert in the list.  Putty-CAC allows you to select which PKI cert you want to use but I haven't verified you can export the public key from a cert.  If you contact me, I'll email you the info need to use use SecureCRT.

  • Smart Card login for ordinary folk

    Hi,
    I used to use the OpenSC project for Smart Card login, but I believe that with changes in OS X 10.8 it's no longer an option.
    What affordable solutions are there for genuine Smart Card login for OS X 10.8?  YubiKey doesn't support anything more than entering a static password pre-stored on the device, and when I last tried Rohos it was abysmal.

    I'm guessing that since you are not entering a password, the sparse bundle is not being unlocked. I don't know of a way to tie it to the smart card login. It sounds similar to when you put a different password on your default keychain. It won't unlock on login because you are not entering its password.

  • Smart card development for desktop applications

    I'm totally new to smart cards and would like to get learn some about it. I'd like to build programs which have simple interaction with a smart card for storing information there and light processing.
    I thought about buying Gemplus 430USB reader.
    Could someone suggest a java card for me?
    P.S.
    How hard (if at all) is it to build the most simple application and install it on a smart card?

    I'm totally new to smart cards and would like to get
    learn some about it. I'd like to build programs which
    have simple interaction with a smart card for storing
    information there and light processing.
    I thought about buying Gemplus 430USB reader.I don't know this reader, just make sure it's PC/SC compliant. You shouldn't have to spend more then $20 on a reader that you can develope with. The American Express Blue or Visa readers would do fine(I use the Amex Blue) and they are free if you get the credit card(at least in the United States).
    Could someone suggest a java card for me?I use IBM's JCOP10. It's IBM's low cost JavaCard.
    You can probably purchase one from my company
    www.orga.com
    >
    P.S.
    How hard (if at all) is it to build the most simple
    application and install it on a smart card?Depends on your programming ability.

  • Smart Card reader for T410

    Hi everybody, I'm new in this topic...
    I want install a Smart Card reader on my Thinkpad T410 2537-WBB but I don't say what I need. There are two component, the 60Y5029 and the 60Y5030...what is the right one? And I must also buy a cable 45M2894? Thanks and sorry for my english
    Solved!
    Go to Solution.

    h2bazza wrote:
    Thanks wditters!! What is the difference between 60Y5029 and 60Y5030? Can you suggest me a store?
    The difference is possibly a brand thing, for instance Gemplus and or another brand. Not a clue and not really important. Any Lenovo dealer should be able to order the parts directly form IBM. End users cannot.
    Lenovo Premium Business Partner
    X1 Carbon Touch | i7-3667U | 8Gb | 256Gb | HD 4000 | 14HD+ | WWAN | W8.1 Pro RTM x64 |

  • Why XL line cards required for OTV?

    According to Cisco's website, there are specific types of line cards required to support OTV on N7K (N7K-8 port 10GbE with XL options, or N7K-48 port 10/100/1000 Module with XL option).
    Q1: Do I have to use the physical ports on those line cards to make OTV related interfaces? Can I use logical interfaces, and use physical ports on those line cards for non-OTV connectivity, such as used as a layer 2 access port?
    Q2: Since OTV feature is enabled globally, why the requirements for specific line cards in the first place? What the features/services provided by the line cards for OTV operations?
    Thanks.

    Has anyone seen design docs that suggest using 10-Gig ports for the OTV interfaces? I know the Q&A indicates support for all M1 line cards (not F1 or F2), but I'm wondering if there's any clearly defined design reason for not using the 1-G line cards for this (such as the N7K-M148GS-11L). 
    I'm basically asking if it would be recommended (for a system with no additional open 10-G ports) to purchase another 10-G blade (such as the N7K-M108X2-12L at $27), or could we do the job with spare ports on an existing 1-G card?  I've been through several docs, and while none of them indicate 10-G connectivity is mandatory, I'm hoping for a reason why Cisco might be pushing/recommending this for any size of OTV deployment.
    Thank you.

  • Smart card reader for T510

    Hello everybody,
    I have a T510 4313-CTO with a contact smart card reader.
    I just wanted to know if the contactless smart card reader 60Y5031 is both contactless and contact reader or contactless only.
    If it's contactless only, is there an option to have both in the machine ?
    It's kind of difficult to find infos about it.
    Thanks,
    Vince.
    Knowledge is of two kinds. We know a subject ourselves, or we know where we can find information on it.
    ThinkPad T510 4313-CTO Windows 8 x64 - Intel Core i7-620M - NVIDIA NVS 3100M - 8GB RAM - 240GB SSD- Intel Centrino Ultimate-N 6300 - Gobi 2000.
    ThinkPad Helix 3697-CTO Windows 8.1 x64 - Intel Core i7-3667U - Intel HD Graphics 4000 - 8GB RAM- 256GB SSD - Intel Centrino Advanced-N 6205 - Ericsson C5621gw
    Solved!
    Go to Solution.

    Vince69 wrote:
    Hello everybody,
    I have a T510 4313-CTO with a contact smart card reader.
    I just wanted to know if the contactless smart card reader 60Y5031 is both contactless and contact reader or contactless only.
    If it's contactless only, is there an option to have both in the machine ?
    It's kind of difficult to find infos about it.
    Thanks,
    Vince.
    You can slide a card into it, I have yet to get it to recognize a contactless card without sliding it in.

  • I just downloaded Aperture 3.4.1 and now when I try and launch the application i get a warning that the video card doesn't meet the requirements.  I can't find any vieo card requirements for Aperture.  is this another bug?

    I had problems with Aperture 3.4.1.  It was telling me that my video card isn't supported.  Funny thing is I was using it earlier today.  I trashed the application and downloaded it again.  Now it hangs up and won't load or I get the occasional note that the graphics card doesn't meet requirements.

    All,
         One last trip to the well today and seems llike it is resolved.  The end fix was to create a new user account and then drag my data over from my existing user account.  It seems that there was something within my existing user library that was currupting Aperture causing it to fail to at launch.  Couldn't figure out what exactly, but this seems to have done the trick.  Now i have been working for the better part of the day in a stable manner.  I will update in another day assuming all is well.  Good luck if you have this problem it is a total pain in the a**.

  • Software and Interface card required for DNP3 communication with a protection relay?

    I am looking to build a SCADA Master to perform DNP3 communication between the Master and an Outstation device. I would like to know apart from the Ni - Industrial comm software is there any other Interface card I require to accomplish this task?

    According to this article, that’s all you need. Just make sure you run applications as an administrator and that you don’t have any type of network restrictions. Since you have it installed, I encourage you to test the functionality/connectivity through the shipping examples, which are located on your hard disc at ...LabVIEW XXX\examples\DNP3 folder (also visible at the NI Example Finder). You can modify an example VI to fit an application, or you can copy and paste from one or more examples into a VI that you create.
    Alejandro | Academic Program Engineer | National Instruments

  • What are the requirement for sap logon...

    HI expert ,
    i am working on remote site and i want install sap logon i have a hostname ,sap roting string system id , and instance no.i configured it but i am not able
    connect to application server message showing...
    partner sap routstring ip(115.115......:3299 not reached
    time
    component-ni
    release720
    version40
    module-nixxi.cpp
    line-3286
    method-nipconnect
    return code
    error no 10061
    error text wsaeconnrefused connection refused
    counter -7

    Hello Ashish,
    then you may need to check the router string carefully if it is correct. "connection refused" in your error message means, that either the program is not running and not listening to the port 3299 on the affected server, or connection data are wrong. Do you have a SAProuter trace and did SAProuter notice in the trace, that you are trying to connect to it?
    regards,
    Alwina

  • Windows 8.1 default logon prompt for smart card instead of username/password

    Hello,
    We are currently in our pre-deployment test phase for Windows 8.1 and are trying to knock out the high visibility problems that we notice.  One of the issues we've noticed:
    When logging into Windows, the default prompt is for a username/password.  all of our users are using smart cards, so they have to click "sign-in options", click the smart card icon, and then enter their PIN.  How would I change the startup
    screen to default to smart card?
    Also, when locking the screen by removing the card it again prompts for the username/password when unlocking the screen.  So the users again have to click on "sign-in options" and select the smart card, otherwise they risk locking out their
    account by entering the PIN in the username/password field.
    when locking the screen via ctrl-alt-del or windows-L unlocking does default to the smart card, so I know it can be done! 
    thanks,
    -Nick

    Hi,
    I'm afraid we couldn't change the Sign-in Options order, I checked GP and Registry, there is no way to do it.
    However, there is another way is just enable "Require smart card" In GP. While after this policy enabled, All users will have to use smart cards to log on to the network. This means that the organization must have a reliable public key infrastructure (PKI)
    in place, and provide smart cards and smart card readers for all users.
    Location: GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
    Roger Lu
    TechNet Community Support

  • Use smart card for 802.1x secured WiFi authentication

    Hi,
    is it possible to use a certificate stored on a USB Security Token for WiFi 802.1x authentication?
    I have setup a test environment with all required components (AD, Enterprise CA, NPS, WPA2-Enterprise capable WiFi Access Point, all required certificates, all Server 2012 R2 / Windows 8.1 Pro) and created a user certificate for WPA2-Enterprise secured
    WiFi access (802.1x). Everthing works fine as long as the user certificate is stored in the local certificate store of the user's client computer: The user can connect to the WiFi network and the NPS logs show that the user has been authenticated correctly
    and granted access.
    To test this scenario with a Smart Card (Safenet USB Token), I stored that same user certificate on the token (incl. private key). The Safenet software on the client computer automatically makes the certificate stored on the token available in the local
    certificate store as soon as the token has been plugged in (checked via MMC Certificates snap-in). But the certificate can't obviously be used for the desired WiFi authentication: If I try to connect the secured WiFi (the same as in scenario 1) the connection
    fails.
    As I'm using exactly the same certificate in both scenarios, I don't think there's anything wrong with the settings in the certificate, the NPS or any other infrastructure component. The reason for failure in scenario 2 must be lying somewhere in either
    the local client computer configuration or in the Safenet software on the client computer.
    I'm very familiar with all the PKI and authentication stuff, but I'm new to smart cards. Are there differences between different types of smart cards and for what purpose one can use them? (USB tokens, chip cards, virtual tokens, etc.?)
    Has anybody experience in creating a 802.1x secured WiFi access with smart card based user certificates who could advise?
    Thanks + Best Regards
    Matt

    Hi,
    I found some links form technet site which can be helpful in this case
    Network access authentication and certificates
    http://technet.microsoft.com/en-us/library/cc759575(v=ws.10).aspx
    Enable smart card or other certificate authentication
    http://technet.microsoft.com/en-us/library/cc737336(v=ws.10).aspx
    Quote:
    Client certificate requirements
    With EAP-TLS or PEAP-EAP-TLS, the server accepts the client authentication attempt when the certificate meets the following requirements:
    The client certificate is issued by an enterprise CA or mapped to a user or computer account in Active Directory.
    The user or computer certificate on the client chains to a trusted root CA, includes the Client Authentication purpose in EKU extensions (the object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2), and fails neither the checks that are performed
    by CryptoAPI and specified in the remote access policy nor the Certificate object identifier checks that are specified in IAS remote access policy.
    The 802.1X client does not use registry-based certificates that are either smart card-logon or password-protected certificates.
    For user certificates, the Subject Alternative Name (SubjectAltName) extension in the certificate contains the user principal name (UPN).
    For computer certificates, the Subject Alternative Name (SubjectAltName) extension in the certificate must contain the client's fully qualified domain name (FQDN), which is also called the DNS name
    Yolanda Zhu
    TechNet Community Support

  • Logging into Windows Server 2012 from Remote Desktop requires "Connect with Smart Card"; how do I disable this?

    I am using pretty much the default setup. I cannot figure out how to disable this. I do not want to use smart cards.
    Any ideas?

    Does this mean you're trying to RDP from an XP box, therfore have the Remote Desktop feature on the server set to "less secure"? Sounds like thats what disables network authentication, prompting the Smart Card request.
    If you simply click to login as a different user, you can login without a smart card, to include the same user as was being prompted for the card.
    I expect if you choose the Remote Desktop feature requires network authentication on the server, the smart card requirement goes away, but you'll need to login from Win7 or newer clients. Not sure where Vista falls, probably okay too.

  • Java Game Smart Card Implementation

    Hi,
    As an assignment i have been told to design a smart card application,(theory only). My idea was that of cross-platform java games that could be stored on a smart card,so for example:
    -the smart card could be used in PC and mobile (allowing games to be restarted at the same stage).
    -the card would store high scores, character info, and background environments
    - the card could send game data to friends, by either using the smart card in their devices or via the internet extracting and downloading from the card, or better still off the phone to anothers phone by selecting them from the address book
    I was wondering if there were any other ideas that i could use, and more importantly the technical details of how to implement such a card
    -ie which card
    -how much memory
    -the equipment required
    I would appreciate all the help you could give me, and it is quite an interesting topic.
    thanks
    jag

    http://forum.java.sun.com/thread.jsp?forum=23&thread=357393&tstart=0&trange=15

Maybe you are looking for

  • How can I import *just* the new images in a folder?

    Is there anyway to import only the images within a folder that aren't already in the library? This seems to be the default behavior in Lightroom and makes really good sense. If I add an image to a folder without doing so in Aperture, I'd really like

  • Character Direction override in Word 2003 imports

    I've searched for Character Direction and seen mainly mentions of ME and foreign language conversions right to left and left to right. We do not use ME or any foreign language features. The behavior I'm troubleshooting for InDesign CS5 7.0.3 importin

  • I want to post the values of the form in the same Jsp Page

    I want to post the values of the form in the same Jsp page.

  • ITunes not displaying some songs on Library

    Okay I've had this problem for quite sometime and it's been bugging me because I have no idea how to fix it. It seems that whenever I change the actual file name of the song (ie. songs that I've ripped from CD's that that say "Track 1" I just change

  • Loading albums - to keep them as albums

    I want to load albums so I can select and play them as albums. Don't want the tracks extracted and presented as one long list which is what's happened on loading my albums.. So can someone explain how I load albums so I can select that album and play