PIV Smart-card logon with Windows 7
I have been tasked to enroll PIV cards and then enable them for logon with Windows 7 for a federal client. I am new to this domain and have tried to do a lot of reading related to the field, but could find information in bits and pieces only. I followed the "HSPD-12 Logical Access Authentication and 2008 Active Directory Domains" paper at the following link: http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=9427#overview. As per the paper, "The Windows 7 Base Cryptographic Service Provider (CSP) includes NIST SP800-73 support allowing the use of PIV smart cards for smart card logon, digital signature and encryption without requiring additional middleware."

I could not find any link on how to enroll a PIV card on a Microsoft Enterprise CA. I ended up buying Charismatics PIV middleware to enroll the PIV card with the Microsoft Enterprise CA. However, I am still not able to use the PIV card with Windows 7 without the middleware. Is there any document that provides the details on how to enroll a PIV card and use it for Windows 7 logon without any middleware?
October 11th, 2012 5:52pm

You need to check with your smart card vendor if they are compatible with Windows 7 smart card Plug and Play and if they have published their drivers through Windows Update. /Hasain
October 12th, 2012 1:25am

1. Make sure you have installed MS enterprise CA on a server.
2. Run "certtmpl.msc" to open the Certificate Templates Console and duplicate a new certificate based on the existing Smart Card Logon template (http://technet.microsoft.com/en-us/library/cc740077(v=WS.10).aspx). Note that you need to add EFS under Application Policies under the Extensions tab.
3. Then issue the certificate template to the CA server (http://technet.microsoft.com/en-us/library/cc770794(v=WS.10).aspx).
4. Request a user certificate based on the certificate template, and then install the certificate to the smart card.

References
http://technet.microsoft.com/en-us/library/cc960662.aspx
http://technet.microsoft.com/en-us/library/ff404285(v=WS.10).aspx

Regards, Diana
October 12th, 2012 6:01am


Any update?
Regards, Diana
October 16th, 2012 5:30am

Hello Diana, Thanks for your help. I found that other than the certificate, Windows 7 needs the Card Holder Unique ID (CHUID) field for the card to be recognized.
October 16th, 2012 7:12pm
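
The CHUID finding in the post above, as an added example that is not part of the original thread: a Python check that a CHUID object read from a card carries the fields NIST SP 800-73 marks mandatory. The tag values are assumed from the SP 800-73 CHUID table (the thread does not list them), the function names are hypothetical, and SAMPLE is constructed data, not a real card's CHUID.

```python
from datetime import date

# Added example. tag -> (field name, fixed length or None); tags assumed from SP 800-73.
MANDATORY = {0x30: ("FASC-N", 25), 0x34: ("GUID", 16), 0x35: ("Expiration Date", 8),
             0x3E: ("Issuer Signature", None), 0xFE: ("Error Detection Code", 0)}

def read_len(buf, i):
    """Decode the length field at buf[i]; return (length, index of the value)."""
    if i < len(buf) and buf[i] < 0x80:          # short form: one byte
        return buf[i], i + 1
    n = buf[i] & 0x7F if i < len(buf) else 0    # long form: 0x81 xx or 0x82 xx xx
    if n not in (1, 2) or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def parse_chuid(data):
    """Return {tag: value}; accepts the object with or without its 0x53 wrapper."""
    if data[:1] == b"\x53":
        length, start = read_len(data, 1)
        data = data[start:start + length]
    fields, i = {}, 0
    while i < len(data):
        tag = data[i]
        length, i = read_len(data, i + 1)
        if i + length > len(data):
            raise ValueError(f"tag {tag:#04x} runs past the end of the object")
        fields[tag] = data[i:i + length]
        i += length
    return fields

def check_chuid(data, today):
    """Return a list of problems; an empty list means the layout is complete."""
    fields, problems = parse_chuid(data), []
    for tag, (name, size) in MANDATORY.items():
        if tag not in fields:
            problems.append(f"missing {name}")
        elif size is not None and len(fields[tag]) != size:
            problems.append(f"{name} is {len(fields[tag])} bytes, expected {size}")
    if len(fields.get(0x35, b"")) == 8:
        try:
            d = fields[0x35].decode("ascii")
            if date(int(d[:4]), int(d[4:6]), int(d[6:])) < today:
                problems.append("CHUID expired")
        except ValueError:
            problems.append("Expiration Date is not YYYYMMDD")
    return problems

# Constructed sample, not a real card's CHUID: zeroed FASC-N, GUID and signature.
SAMPLE = (b"\x53\x3f" + b"\x30\x19" + bytes(25) + b"\x34\x10" + bytes(16) +
          b"\x35\x08" + b"20301231" + b"\x3e\x04" + bytes(4) + b"\xfe\x00")
```

This checks layout only; it does not verify the issuer signature or decode the FASC-N.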

Hello Diana, Thanks for your help. I found that other than the certificate, Windows 7 needs the Card Holder Unique ID (CHUID) field for the card to be recognized.
Thank you for sharing.
Regards, Diana
October 17th, 2012 2:05am

This topic is archived. No further replies will be accepted.
