How to know login type

[marek zegarek]

Hello!

How can I know, that user is using smartcard or login/password to login into
Windows XP?
Any registry values or something like that?
Where can I found any informations about it?

 

[David H. Lipman]

From: "marek zegarek" <[email protected]>

| Hello!
|
| How can I know, that user is using smartcard or login/password to login into
| Windows XP?
| Any registry values or something like that?
| Where can I found any informations about it?
|

Yes !

However I don't have the EXACT information handy. :-(

Look in...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

If you login with your Domain Username a key (which I don't have handy) will show the Domain
Username. If you login with a Smart Card it will show the ID Number of that Smart card
user.

 

[marek zegarek]

Which key should it be?
- AltDefaultDomainName & AltDefaultUserName?
- CachePrimaryDomain
- DefaultDomainName
Only thet keys have my domain set (now i'm logged by login/password).

 

[David H. Lipman]

From: "marek zegarek" <[email protected]>

| Which key should it be?
| - AltDefaultDomainName & AltDefaultUserName?
| - CachePrimaryDomain
| - DefaultDomainName
| Only thet keys have my domain set (now i'm logged by login/password).

Sorry,
I have not memorized that key, I am NOT at work and I don't have access to it right now :-(

Login with Smart card and compare the keys.

 

[Steven L Umbach]

Check the logon events or account logon events in the security log of the
computer via Event Viewer. There will probably be some distinction that will
be apparent when you view both types such as for logon process or
authentication package.

Steve

 

[marek zegarek]

Nothing changed
But i'm looking now at winlogon notifications and maybe this could help me.
Thanks for an answer!

 

[David H. Lipman]

From: "marek zegarek" <[email protected]>

| Nothing changed
| But i'm looking now at winlogon notifications and maybe this could help me.
| Thanks for an answer!
|


I sincerely apologize !

I gave you the WRONG information.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Examine the key; "Logon User Name"

I check this key in my Domain Login Script.

It will be different if you authenticate with a Smart Card or use the Domain username.

Again, I am sorry for the confusion I may have caused you.

 

[Paul Adare]

microsoft.public.windowsxp.security_admin news group, David H. Lipman

I sincerely apologize !

I gave you the WRONG information.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Examine the key; "Logon User Name"

I check this key in my Domain Login Script.

It will be different if you authenticate with a Smart Card or use the Domain username.

Again, I am sorry for the confusion I may have caused you.

As is currently being discussed in microsoft.public.security, checking
the contents of the above registry value (it is a value, not a key) is
_not_ a reliable method to determine if a smart card was used for
logon. Checking the contents of that value will tell you the following:

1. If the value does not contain the UPN ([email protected]) of
the user account, it indicates that the user logged in with just their
logon account name.
2. If the value does contain the UPN it indicates that they either
logged on with a smart card OR that they logged on by entering their
UPN name in the user name field and there is no way to tell which was
used.

So this is not a reliable method to use. Honestly, there is no sure
fire way to determine whether or not a smart card was used for logon in
Windows 2000, XP, or Windows Server 2003. IIRC, this is being changed
in Vista and Longhorn though I can't recall exactly what the change is.