Just wondering if anyone knows if its possible to set the default logon prompt as smart card?

Currently, it prompts you with the last used method (i.e. username and password or smart card and pin).

I know that you can force smart card only logon by "scforce" Group Policy (Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Option), but I want to keep the options and just make it a default option.

I also tried changing the "LastLoggedOnProvider" in the to the smartcard option here "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" and here "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData", but this did not make any difference.

did you notice this step?

http://msdn.microsoft.com/en-us/library/cc775842(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/ff404297(v=ws.10).aspx

http://support.microsoft.com/kb/281245/en-us

• Edited by britishdhez Wednesday, May 07, 2014 8:28 AM

Hi britishdhez, which step? I've read a lot of that technical documentation, but can't see the particular solution I'm looking for in there. Our smartcard and PKI infrastructure are up and running and working. More specifically though, I'd like workstations to show the smartcard logon option by default when windows boots up.

set the group policy
GPO computer configuration, administrative templates, system,logon | Exclude credetial providers

Please enable this policy and input the CLSIDs for smartcard credential provider:

Smartcard Credential Provider  {8bf9a910-a8ff-457f-999f-a5ca10b4a885}

If that does not work, please also exclude

Smartcard Pin Provider  {94596c7e-3744-41ce-893e-bbf09122f76a}

• Edited by britishdhez Thursday, May 08, 2014 2:22 AM

Thanks britishdhez<abbr class="affil"></abbr>. But I don't think that's what I'm looking for. I want to make smartcard and the default option, but also allow users to change to username and password if necessary.

As far as I can see, doing as you outlined would prevent smartcard being a logon option ("This policy setting allows the administrator to exclude the specified credential providers from use during authentication.").

Similarly, I don't want to prevent the use of username and password either, just make smartcard the constant default.

Hi,

What the exact UI do you want? Did you want smart card and other user option both show at logon screen?

Please look at if this "Interactive logon: Require smart card" Group policy object meet your requirement.

Interactive logon: Require smart card

http://technet.microsoft.com/en-us/library/cc782056(v=ws.10).aspx

Hi,

Was your issue resolved?

If yes, we will archive this thread temporarily.

If no, please reply and tell us the current situation.

If you have any other question, feel free to contact us. We will try our best to help you.

Hi Karen. I would like user to be presented with "smart card sign-in" as the default option. Sorry, I cannot final a relevant image on-line of what this looks like in 8.1. But I also want the option of username and password to still be available. This can be done by clicking on "sign-in options".

For example in the W7 image below, you can see what the smartcard default logon looks like. But you still have the "switch user" button which gives the option of alternative logon methods.

As stated earlier, I don't want the GP to force "Interactive logon: Require smart card", as this will mean smartcard is the ONLY method available of logging in.

• Edited by dude -d Friday, May 23, 2014 10:22 AM

I have the exact same situation as dude -d, (and I've read most of the same documentation already linked by others in this thread.)

In our domain environment, when Win7 clients are booted the user is presented with the "last used" log-on mechanism (either [domain\]username+password, *or* smartcard) by default, and the user has the option to change to an alternative. (See dude -d's screenshot above.)

But the Win8 clients are presented with un+pw as the default option REGARDLESS of which mechanism was last used.  Since in our organization use of smartcards is the preferred (but not required) option, we'd like to have that be the default presented to our users.

We do NOT want to "require" smartcard for log-on.

Help, please.  Thank you!

• Edited by SJP Thursday, October 23, 2014 1:56 PM

Have you tried:  Interactive logon: Do not display last user name Disabled This will allow the last logon type to be remembered and the next time the user goes to logon it should show the smartcard option first (assuming the last time they logged on was via smartcard). With Interactive logon: Do not display last user name set to enabled Windows 8 will show the Other User logon. See https://support.microsoft.com/en-us/kb/2741622?wa=wsignin1.0

 

• Proposed as answer by ZenShaze 18 hours 20 minutes ago

Have you tried:  Interactive logon: Do not display last user name Disabled This will allow the last logon type to be remembered and the next time the user goes to logon it should show the smartcard option first (assuming the last time they logged on was via smartcard). With Interactive logon: Do not display last user name set to enabled Windows 8 will show the Other User logon. See https://support.microsoft.com/en-us/kb/2741622?wa=wsignin1.0

 

• Proposed as answer by ZenShaze Thursday, April 30, 2015 1:02 PM

dude -d,

Were you ever able to get this resolved? We have the same situation as you did and cannot figure out how to resolve it.

SJP,

Were you ever ablt to get this resolved? We have the same situation as you did and cannot figure out how to resolve it.

Karen,

Do you know if there was ever a solution found for this issue?

I am having the same problem on Server 2012 R2. I do not want users to have to click Smart Card under Sign-In Options.

Did anyone figure this out?