Using only smart cards for several hundred users

How can I, as soon as possible, assign the use of only the smart card for a few hundred users? I also have a group of people whom I would like to allow the use of a login and password, and a smart card. Using a GPO on the computer, it will be applied to the station, and I would like it applied just to the user. I know that the card user can select to use a smart card, but how to do it automatically for a group of people (several hundred)?

I would use an LDAP query via GUI tools (like the AD Administrative Console) or console tools (the Active Directory PowerShell module) to get the target users by using some filter and enable the smart card checkboxes. GPO cannot be used to make changes in AD.
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell FCIV tool.
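
One way to script the approach in the answer above with the Active Directory PowerShell module: select users with an LDAP filter and set the "Smart card is required for interactive logon" flag in bulk. This is an added example, not code from the original thread; the two group names and the CSV file name are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Both group names are hypothetical placeholders.
param(
    [string]$RequiredGroup = 'SmartCard-Required',   # must log on with a card
    [string]$ExemptGroup   = 'SmartCard-Optional',   # may keep using a password
    [switch]$Apply                                   # without -Apply: dry run only
)

$requiredDn = (Get-ADGroup -Identity $RequiredGroup).DistinguishedName
$exemptDn   = (Get-ADGroup -Identity $ExemptGroup).DistinguishedName

# LDAP filter pieces:
#   1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN (follows nested groups)
#   1.2.840.113556.1.4.803  = bitwise AND; 262144 (0x40000) = SMARTCARD_REQUIRED
# Group DNs containing ( ) * or \ must be escaped per RFC 4515 before use here.
$filter = '(&(objectCategory=person)(objectClass=user)' +
          "(memberOf:1.2.840.113556.1.4.1941:=$requiredDn)" +
          "(!(memberOf:1.2.840.113556.1.4.1941:=$exemptDn))" +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=262144)))'

$targets = @(Get-ADUser -LDAPFilter $filter -Properties SmartcardLogonRequired)
Write-Host "$($targets.Count) account(s) selected"

# Keep a record of what is about to change so it can be reviewed or reverted.
$targets |
    Select-Object SamAccountName, DistinguishedName, SmartcardLogonRequired |
    Export-Csv -Path .\smartcard-required-before.csv -NoTypeInformation

if ($Apply) {
    $targets | Set-ADUser -SmartcardLogonRequired $true
} else {
    # Dry run: prints what would be changed without touching any account.
    $targets | Set-ADUser -SmartcardLogonRequired $true -WhatIf
}
```

Setting this flag makes the domain replace the account's password with a random value, so anything that still authenticates those users by password stops working. Run the dry run first and confirm every selected user already holds a working card.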

Similar Messages

  • Need advice for an application that restricts access to other applications using a smart card

    Hello everybody,
    I am developing a system that uses a smart card reader attached to a USB port of a PC.
    What the system should provide is:
    When computer boots up and shows the users login screen, a user, previously registered, can use his smart card to access the system, instead of entering his password
    Once the user is logged in, when he tries to launch an application, which has previously marked as "secured", a dialog box is shown indicating that the user has to present his smart card. If the smart card has access to the application, the application
    is launched, otherwise an error message is shown to the user and the application is not executed.
    I develop in C++ and C#. I have already created a library (in Visual C++) that manages the smart card reader and provides the card presented to it.
    Now I am developing the application (in C#) that will configure the security (assigning cards to users and applications).
    Concerning this, I have 2 questions regarding each point above:
    Is it possible to create the centralized application that lists all users and allows to assign cards to them? Then, when the users login screen is shown, the system must access that data before logging in, so that it can check which card was presented and
    what user it corresponds to. I have seen in laptops, that have embedded fingerprint readers, a user must login to his account first and then he can register his fingerprints. In fact, what I need to do is something similar but with smart card reader instead
    of fingerprint reader. So, perhaps, user must login into his account first and then he will be able to add his card and store that information somewhere (in windows registry maybe).
    How can I launch my application when other application is executed but before its interface is actually shown? this is similar to what antivirus programs do, because they check the executable before it is actually ran. What is the best method to address
    the application? by executable file name? process name? or other? if the best is by process name, how can I know the process name without actually running the application?
    Well, that is all that I need to do. Please advise regarding this subject.
    I look forward to hearing from you,
    Best regards,
    Jaime
    Powered by C++

    > what was the guidance?
    1. Research other software that does similar things (not just exactly the same) as you need. If you like something in their solutions, copy it :)
    The only software I know that does that is an antivirus, but I am unlucky to find some code in c++ that allows to intercept the program execution before actually executing it.
    2. If a kernel driver would fit in your solution, go for it (google for what is available for free, or find a consultant to write it for you).
    There is a lot of information about kernel drivers, but the question is, is that really the solution?
    Otherwise, you can just hide the application from user's reach and substitute the executable in shortcuts, etc. to run your program instead.
    Definitely this is not the way to go
    What is the best method to address the application? by executable file name? process name? or other?
    By executable file name, like in the Windows Applocker, I think. Processes do not have names (they are artifact of Task manager and debugging tools, to represent the processes for user somehow). Or, only by the filename part of the full path.
    I agree with that
    if the best is by process name, how can I know the process name without actually running the application?
    When the user runs the application, the driver will detect this and do its magic.
    I have found this page: http://stackoverflow.com/questions/3556048/how-to-detect-win32-process-creation-termination-in-c. They mention WMI, but I will study it tomorrow... it is so late for today :-)
    Regards,
    -- pa
    Regards
    Jaime
    Powered by C++
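
The WMI route mentioned at the end of the thread above, as an added example that is not part of the original posts: it subscribes to `Win32_ProcessStartTrace` and logs starts of executables matched by file name. The event is delivered after the process already exists, so this gives an audit trail rather than a gate; blocking before execution needs a policy mechanism such as the AppLocker rules the reply refers to. The executable names and the source identifier are constructed placeholders, and the session must be elevated.

```powershell
# Added example. The watched file names are constructed placeholders.
$SecuredExecutables = @('payroll.exe', 'admin-console.exe')
$SourceId = 'SecuredAppStart'   # hypothetical subscription name

Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace `
    -SourceIdentifier $SourceId -MessageData $SecuredExecutables -Action {

    $start = $Event.SourceEventArgs.NewEvent
    if ($Event.MessageData -notcontains $start.ProcessName) { return }

    # The trace event carries only name and IDs; look up the full path and
    # owner. The process may already have exited, so tolerate a miss.
    $proc = Get-CimInstance Win32_Process `
        -Filter "ProcessId=$($start.ProcessID)" -ErrorAction SilentlyContinue
    $owner = if ($proc) {
        $o = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
        "$($o.Domain)\$($o.User)"
    } else { '(process already exited)' }

    $record = [pscustomobject]@{
        Time      = $Event.TimeGenerated
        Name      = $start.ProcessName
        ProcessId = $start.ProcessID
        ParentId  = $start.ParentProcessID
        Path      = if ($proc) { $proc.ExecutablePath } else { $null }
        Owner     = $owner
    }
    Write-Host ($record | Format-List | Out-String)
} | Out-Null

Write-Host "Watching for: $($SecuredExecutables -join ', ')"

# To stop watching:
# Unregister-Event -SourceIdentifier $SourceId
```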

  • TS1646 We have several apple devices in our family who use my debit card for itune charges.  I need to find out which device (itune account) these charges are coming from.  Can you help?

    We have several apple devices in our family who use my debit card for itune charges.  I need to find out which device (itune account) these charges are coming from. Can you help?

    You can't tell which device a purchase was made on, but if your family members each have their own iTunes account to which your card is linked then you can check the purchase history on each of those accounts via the Store > View Account menu option on your computer's iTunes - that should have 'purchase history' section with a 'see all' link to the right of it

  • Using Smart Cards for SSPR

    I'm working on ForeFront Identity Manager 2010. I'd like to enable AD users to use Smart Cards to reset their passwords. I watched this video www.youtube.com/watch?v=b4aGLnZHZN4. From this video (minute 2), it's said that we could use smart cards to authenticate
    to Self-service Password Reset instead of Q/A gate.
    I looked at ForeFront Identity Manager Portal but I couldn't find where to configure to use Smart Cards for this purpose. I only found "SMS authentication gate" and "Question and Answer Gate". Can somebody help me?
    Thanks,
    Hai

    I am still interested in Clients or other Inquiries in this
    Subject.

  • Why does the name change to my dad's name when I use his credit card for downloads?

    I have an iPod touch. I have my own apple ID and icloud account. Why does the name change to my dad's name when I use his credit card for downloads? Is there a way I can have my own account and use my dad's card without having his name on my photostream and icloud?
    I went on icloud.com and changed my name but it changes the credit card name to mine as well so I can't get apps unless it's under his name, but it confuses everyone I share photo streams with, as there are two of my dads?
    My aunt is having the same problem with her photostream, so I know it's not only me.

    I have this problem and it's annoying.  Plenty of people in this world do not pay for their own stuff!  So I have 5 kids.  All their accounts show as my name when people add them for Photo streams etc etc.  This is ridiculous.  Why not separate billing address / credit card details to the name of the person on the account?  Why do they have to be the same?

  • Authenticate to the Domain using a Smart Card

    Hi,
    I'm trying to get authenticated using the Smart Card but got the following error messages:
    On the Windows XP client, we inserted the PIV card, entered the PIN but received an error message “The system could not log you on.  The server authenticating you reported an error (0xC00000BB).”
    On the Windows 7 client, we received an error message “The system could not log you on.  You cannot use a smart card to log on because smart card logon is not supported for your user account.”
    Here is our environment:
    - Domain: Windows 2008 R2
    - Client: Windows XP SP3 and Windows 7
    - Smart Card: USAccess issued PIV card
    - Card Reader: SCR3310
    - Middleware: ActiveClient
    Here is what I have already done:
    - Imported the following Entrust certificates from http://sspweb.managed.entrust.com/EMSPKIFSSPCACertificateInformation.html into the Domain under the Trusted Root Certification Authorities
      o Common Policy CA Certificate
      o Common Policy to EMSPKI trust certificate
      o Federal Root CA Expires 06/01/2012
      o Federal SSP CA Expires 05/31/2012
      o Federal Root CA Expires 05/09/2019
      o Federal SSP CA Expires 05/08/2019
    - Added the certificates to the NTAuth store in the Domain
    - Posted Domain controller certificate (issued by NIST internal CA) in the NTAuth store
    - Updated my UPN on the domain to match with the Subject Alternative Name on the card “[email protected]”
    - Domain policy pushed down the Entrust certificates and Domain Controller certificate to the client computer
    - Made PIV Card certificates available to the Windows via ActiveClient middleware
    Am I missing some steps or configuration? 
    Thank you,

    To solve one of the issues related to:
    "The system could not log you on. You cannot use a smart card to log on because smart card login is not supported for your user account. Contact
    your system administrator to ensure that smart card logon is configured for your organization."
    On the client side.
    Ensure that the Certificate is assigned the Client Authentication function.
    You can do this on Internet Explorer:
    Tools -> Internet Options -> Content -> Certificates
    Then select the certificate
    Click the ‘Advanced’ button, this opens the Advanced Options dialog box.
    Under ‘Certificate purposes:’ box check:
    |X| Client Authentication
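
A client-side check for the thread above, as an added example that is not part of the original posts: it reads the Enhanced Key Usage and the UPN in the Subject Alternative Name directly from each certificate the middleware has published to the current user's store, so the values can be compared with the account's UPN in the domain. It assumes an English-language Windows, where the formatted SAN text contains `Principal Name=`.

```powershell
# Added example: list logon-relevant properties of certificates in the
# current user's personal store (where card middleware publishes them).
$ClientAuthOid     = '1.3.6.1.5.5.7.3.2'        # Client Authentication
$SmartCardLogonOid = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon
$SanOid            = '2.5.29.17'                # Subject Alternative Name
$EkuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs. A certificate with no EKU extension at all is
    # not restricted to any purpose, so report that case separately.
    $ekuExt = $cert.Extensions | Where-Object { $_ -is $EkuType }
    $ekus = if ($ekuExt) {
        @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    } else { @() }

    # Extract the UPN from the formatted SAN text, if a SAN is present.
    $san = $cert.Extensions[$SanOid]
    $sanText = if ($san) { $san.Format($false) } else { '' }
    $upn = if ($sanText -match 'Principal Name=([^,\s]+)') { $Matches[1] }

    [pscustomobject]@{
        Subject        = $cert.Subject
        Expired        = $cert.NotAfter -lt (Get-Date)
        HasPrivateKey  = $cert.HasPrivateKey
        NoEkuExtension = -not $ekuExt
        ClientAuth     = $ekus -contains $ClientAuthOid
        SmartCardLogon = $ekus -contains $SmartCardLogonOid
        UpnInSan       = $upn
    }
} | Format-List
```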

  • Why being prompted for login/password when using OVDC, smart card,token/vdi

    Hello,
    I'm using VDI 3.2.1, OVDC, smart card and I assigned a smart card token to a desktop pool.
    Inserting the smart card triggers a new VDI desktop selector which prompts for the login and password.
    Is there any reason why VDI is prompting for the login/password in the VDI selector when using a smart card especially that the smart card token has been assigned to a desktop pool ?
    Thanks
    Thierry.

    You still have to authenticate to get a desktop. If you assigned a token to a pool, the ability to be assigned a desktop is based on the token not the user ID. That means that any user will be assigned a desktop if they use that card.

  • HT201454 How do you handle family members outside the household being a part of the Family Sharing program?  I don't want them using my credit card for itunes and/or apps on their phones - just want to be able to share pictures/videos.

    Wanted to include my sister and parents in the Family Sharing group under the iCloud app, but I don't want them using my credit card for their purchases.  We just wanted to be able to share pictures and/or videos and find each other, if necessary.  Is there a way around my card being the default for them when they go to purchase something?

    If you don't want your sister to make purchases on your credit card, then Family Sharing is not an appropriate way to do what you want. You can use Find my Friends to locate each other and you can use Shared Photo Streams to share photos.

  • I have been using my DEBIT card for over a year but recently I had to update my billing information, since then it will not accept my card. All the information is correct, it's just telling me to visit iTunes support. Can someone help me? Much appreciated

    I have been using my DEBIT card for over a year but recently I had to update my billing information, since then it will not accept my card. All the information is correct, it's just telling me to visit iTunes support. Can someone help me? Much appreciated

    Debit card? Are you sure?
    USA iTunes Store does not appear to accept debit cards - http://www.apple.com/legal/itunes/us/terms.html  "The iTunes Store, Mac App Store, App Store, and iBookstore services (“Services”) accept these forms of payment: credit cards issued by U.S. banks, payments through your PayPal account, iTunes Cards, iTunes Store Gift Certificates, Content Codes, and Allowance Account balances."

  • I have 6p from a gift card left in the English store and can't spend it. I want to change to the Irish store as I have an Irish gift card for me to redeem but it won't let me change store. Also I don't want to use a credit card for the last 6p.

    I have 6p from a gift card left in the English store and can't spend it. I want to change to the Irish store as I have an Irish gift card for me to redeem but it won't let me change store. Also I don't want to use a credit card for the last 6p.

    See:
    How to manage unused iTunes Gift Card and Gift Certificate balances

  • My problem is a sudden loss of ability to get to PSE12 Organizer when I tried to load a saved scan. Had been using the Organizer and the Editor with no problems for several hours just before that.     Can not load the Organizer from the icon at the bottom

    My problem is a sudden loss of ability to get to PSE12 Organizer when I tried to load a saved scan. Had been using the Organizer and the Editor with no problems for several hours just before that.  
    Can not load the Organizer from the icon at the bottom of  Editor screen, from the icon on the MacBook Air dock (OS 10.10.2),  nor from the file in applications located with Finder.
    I have tried without success to access Organizer after turning off and on the scanner, turning off and on the computer, loading a fresh copy of PSE12 from the CD, and restoring default preferences.  I have searched on line for other options but not  found any. 
    Can you help me?

    Not Charge
    - See:    
    iPod touch: Hardware troubleshooting
    iPhone and iPod touch: Charging the battery
    - Try another cable. The cable for 5G iPod (lightning connector) seems to be more prone to failure than the older cable.
    - If a 5G iPod               
    Iphone 5 lightning port charging problem - SOLUTION!
    - Try another charging source
    - Inspect the dock connector on the iPod for bent or missing contacts, foreign material, corroded contacts, broken, missing or cracked plastic.
    - Make an appointment at the Genius Bar of an Apple store.
      Apple Retail Store - Genius Bar

  • Intel HD Graphics 4000 IS THE ONLY GRAPHICS CARD FOR MINI?

    Intel HD Graphics 4000  IS THE ONLY GRAPHICS CARD FOR MINI? OR APPLE SELLS Minis WITH A REAL GRAPHICS CARD?

    lse123 wrote:
    BOTH MINIS AND APPLE EXT OPTICAL DRIVE are dual band 110V/240V correct?
    how much size has the box of mini and the optical drive?
    Look here for what you want:
    http://www.apple.com/mac-mini/specs.html

  • How would I use a credit card for In-app purchases instead of my gift card credit?

    I have a gift card credits linked to my account, but I do not want to use it for an in-app purchase.  I want to use my credit card for the purchase.  Is there any way around this?

    You can't for in-app purchases, when you have a balance on your account then that will automatically be used for your purchases.
    For other types of purchase you can try gifting the item to yourself so that your credit card is charged (gifting can only be done via a credit card), but you can't do that with IAPs.

  • How to prevent the use of wild cards in select-option

    Hello experts,
    Is it possible to prevent the use of wild cards in a select-option? If yes, how is it done please?
    I have a
    SELECT-OPTIONS: o_comp  FOR dbtab-field OBLIGATORY DEFAULT 'FI'.
    and I want to prevent the users from entering something like FI* with the wildcard because it would lead to a dump.
    I want an error message to display and prevent the users from making such an entry.
    Please I need your help and I would be very grateful.
    Thanks
    Nadin

    You have to use SELECT_OPTIONS_RESTRICT to restrict the input allowed. Call this FM in the INITIALIZATION or SELECTION-SCREEN OUTPUT sections.
    Sample :
    TYPE-POOLS: sscr.
    INITIALIZATION.
    * Restrict SELECT-OPTIONS
      PERFORM restrict_select.
    FORM restrict_select.
      DATA: restrict TYPE sscr_restrict,
            opt_list TYPE sscr_opt_list,
            ass TYPE sscr_ass.
    * Define select-options modes (aka option list)
    * - ALL standard - all options allowed
      CLEAR opt_list.
      MOVE 'ALL' TO opt_list-name.
      MOVE 'X' TO: opt_list-options-bt,
                   opt_list-options-cp,
                   opt_list-options-eq,
                   opt_list-options-ge,
                   opt_list-options-gt,
                   opt_list-options-le,
                   opt_list-options-lt,
                   opt_list-options-nb,
                   opt_list-options-ne,
                   opt_list-options-np.
      APPEND opt_list TO restrict-opt_list_tab.
    * - EQU only equality allowed (list of values)
      CLEAR opt_list.
      MOVE 'EQU' TO opt_list-name.
      MOVE 'X' TO opt_list-options-eq.
      APPEND opt_list TO restrict-opt_list_tab.
    * Assign modes to parameters or block of parameters
    * ALL by default
      CLEAR ass.
      MOVE: 'A'          TO ass-kind,
            '*'          TO ass-sg_main,
            'ALL'        TO ass-op_main.
      APPEND ass TO restrict-ass_tab.
    * EQU to internal material number
      CLEAR ass.
      MOVE: 'S'          TO ass-kind,
            'S-MATNR'    TO ass-name,
            'I'          TO ass-sg_main, " no exclusion
            'EQU'        TO ass-op_main. " only value list
      APPEND ass TO restrict-ass_tab.
    * Call  FM
      CALL FUNCTION 'SELECT_OPTIONS_RESTRICT'
           EXPORTING
                restriction = restrict
           EXCEPTIONS
                OTHERS      = 1.
    ENDFORM.                    " restrict_select
    In the sample, only select-options for matnr is restricted to single value list.
    For your request build a mode with all options except "pattern" ones : CP and NP.
    Regards

  • Using one packing instruction for several materials

    Dear Friends,
    I need some inputs on how to use one packing instruction for several materials.
    The scenario here is:
    Many materials are packed in a similar way. If certain materials differ in only one characteristic (for example, construction), having to maintain a packing instruction for each of them results in considerable time and effort.
    Need some valuable inputs to complete this requirement.
    Regards,
    Harsh

    Hi.
    Try with reference material for packing (MARA-RMATP). Same material number must be entered on all materials which are packed through same packing instructions.
    Then you have to create/use access sequence for determination of packing instructions that contains that characteristic (RMATP).
    Best regards
    Milan
