Smart Card and Active Directory Login

I've setup smart card login. Its working well.

The AD option that requires user to use a smart card for authentication is nice but not enough.

Can I enforce smart card logon AND active directory password. So a user has to first enter AD account (username/password) AND THEN use smart card + pin?

I know I could enforce a more complex pin, resembling AD passwords, but managing the pins could become difficult.

It seems like smart card + pin is clumsy unless using third party software. 

July 22nd, 2015 7:24pm

> Can I enforce smart card logon AND active directory password

no, it is not supported by PKCA.

Free Windows Admin Tool Kit Click here and download it now
July 22nd, 2015 9:25pm

Why is a smartcard/pin not enough? It is one of the strongest authentication methods available as it is a true two-factor authentication. The pin is useless without the smartcard, and v
July 23rd, 2015 9:04am

On Wed, 22 Jul 2015 19:24:31 +0000, TechNetPaul wrote:

Can I enforce smart card logon AND active directory password. So a user has to first enter AD account (username/password) AND THEN use smart card + pin?

I know I could enforce a more complex pin, resembling AD passwords, but managing the pins could become difficult.

How long is the PIN on your debit card/credit card? My guess would be 4
numeric characters. When I ask that question of CxO's who insist on complex
PIN rules it usually ends the discu

Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2015 10:49am

My apologizes if you thought ANYTHING in my response was read as being flippant or a smart ass. It was a question to understand what you are trying to achieve - it's an unusual request so to help, some additional information was helpful.

I hope you were able to find the details you were looking for somewhere then.

July 23rd, 2015 8:05pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics