{"id":72,"date":"2010-08-14T16:49:22","date_gmt":"2010-08-14T21:49:22","guid":{"rendered":"http:\/\/darwin-mach.net\/blog\/?p=72"},"modified":"2010-10-30T23:34:16","modified_gmt":"2010-10-31T04:34:16","slug":"enabling-smartcard-logon-for-active-directory","status":"publish","type":"post","link":"https:\/\/dmach.net\/blog\/2010\/08\/14\/enabling-smartcard-logon-for-active-directory\/","title":{"rendered":"Enabling Smartcard Logon for Active Directory"},"content":{"rendered":"<p>Since I couldn&#8217;t find an all-in-one guide anywhere out there, I&#8217;m going to write up a short post on how to enable smart card logon in a Microsoft Active Directory environment.<\/p>\n<p>It&#8217;s short since I&#8217;m a little bit lazy in documenting every step (these are mainly notes for myself), but if enough people request, I&#8217;ll expand this post to include more details.<br \/>\n<!--more--><br \/>\nRequirements:<br \/>\n&#8211; Active Directory (Windows 2003 and up). You cannot have smartcard login without some sort of directory service &#8211; that defeats the purpose of PKI.<br \/>\n&#8211; Smart card, smart card reader, and its middleware \/ drivers installed wherever you will be logging into the domain.<\/p>\n<p>Phases:<br \/>\nI. Install Certificate Services on a server that is part of the domain, configure a root CA, and enable the Smartcard Logon certificate template<br \/>\nII. Create a GPO that auto-enrolls domain machines so that all your domain machines get a certificate &#038; can renew them automatically. Make sure computers and all domain controllers have a certificate.<br \/>\nIII. Log on to a domain machine, open the Certificates snap-in for the current user, request a new certificate, select &#8220;advanced options&#8221;, pick the CSP for your smartcard and complete the request.<br \/>\nIV. 
Test logins \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since I couldn&#8217;t find an all-in-one guide anywhere out there, I&#8217;m going to write up a short post on how to enable smart card logon in a Microsoft Active Directory environment. It&#8217;s short since I&#8217;m a little bit lazy in documenting every step (these are mainly notes for myself), but if enough people request, I&#8217;ll [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,15],"tags":[55,60,56,58,59,57],"class_list":["post-72","post","type-post","status-publish","format-standard","hentry","category-it-security","category-tutorials","tag-active","tag-certificate","tag-directory","tag-logon","tag-pki","tag-smartcard"],"_links":{"self":[{"href":"https:\/\/dmach.net\/blog\/wp-json\/wp\/v2\/posts\/72","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dmach.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dmach.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dmach.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dmach.net\/blog\/wp-json\/wp\/v2\/comments?post=72"}],"version-history":[{"count":4,"href":"https:\/\/dmach.net\/blog\/wp-json\/wp\/v2\/posts\/72\/revisions"}],"predecessor-version":[{"id":132,"href":"https:\/\/dmach.net\/blog\/wp-json\/wp\/v2\/posts\/72\/revisions\/132"}],"wp:attachment":[{"href":"https:\/\/dmach.net\/blog\/wp-json\/wp\/v2\/media?parent=72"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dmach.net\/blog\/wp-json\/wp\/v2\/categories?post=72"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dmach.net\/blog\/wp-json\/wp\/v2\/tags?post=72"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}