Hello,

 I'm looking at an authentication method which ties a user down to hardware, I believe virtual smart cards can achieve this, what I'd like to know is:

- All of the examples I've seen refer to a PIN, however in practice can I enforce users to pick a regular 8 character password for their PIN and virtual smart card?

- Is it possible to combine a password and PIN with a virtual smart card?

- I have a scenario whereby I want to lend out laptops to remote staff, but must ensure only authorized users login to the laptops. If I enable virtual smart cards and force 8 character pins on the device, does this meet the requirement? I want to ensure it's impossible for user Z to pick up the laptop, bring it into the office, plug a network cable in and login as he normally would to any domain joined PC.

Thanks

• Edited by Peter.Siffredi Monday, August 24, 2015 8:45 AM

Hi Roger,

 I gave up on option 2 and ended up using a solution which turns USB sticks into virtual smart cards.

There's a significant amount of work to get it up and running, in short, the following changes worked for me:

- Ensured that the DC had both a domain controller and domain controller authentication certificate installed
- Ensured that the DC system account can access the pki CRL (tested using the certutil -url fetch command and psexec)
- Ensured that the correct template is loaded on my CA (using a custom template didn't cut it)

• Marked as answer by Peter.Siffredi 16 hours 50 minutes ago

Hi Roger,

 I gave up on option 2 and ended up using a solution which turns USB sticks into virtual smart cards.

There's a significant amount of work to get it up and running, in short, the following changes worked for me:

- Ensured that the DC had both a domain controller and domain controller authentication certificate installed
- Ensured that the DC system account can access the pki CRL (tested using the certutil -url fetch command and psexec)
- Ensured that the correct template is loaded on my CA (using a custom template didn't cut it)

• Marked as answer by Peter.Siffredi Wednesday, September 02, 2015 2:36 PM