Windows logon with certificate on the certificate store
Hello,
We have a PKI and we don't want to purchase external devices to store certificate securely. However we would like the user to use 2 factors authentication with a certificate .
By putting a a certificate we issued in the OS certificate store (that will be stored in the registry), therefore the certificate is stored on the machine.
I was wondering if it was possible for a user to authentication at logon with the AD password and the certificate on the machine? In summary is the GINA able to check the certificate in the registry at logon?
Cheers
M.
May 4th, 2011 12:55pm
No, I’m afraid that’s impossible.
When you logon, you can use PKI logon or admin password logon. But you cannot use both at the same time.
Seven
Free Windows Admin Tool Kit Click here and download it now
May 6th, 2011 9:37am
so for windows logon, I can put in place the below to access the workstation
User ID certificate password
even if the OS is not completely started and the certificate is in the certificate store (i.e. somewhere in the registry)?
May 6th, 2011 11:32am