microsoft.public.windowsxp.security_admin news group, David H. Lipman
I sincerely apologize !
I gave you the WRONG information.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Examine the key; "Logon User Name"
I check this key in my Domain Login Script.
It will be different if you authenticate with a Smart Card or use the Domain username.
Again, I am sorry for the confusion I may have caused you.
As is currently being discussed in microsoft.public.security, checking
the contents of the above registry value (it is a value, not a key) is
_not_ a reliable method to determine if a smart card was used for
logon. Checking the contents of that value will tell you the following:
1. If the value does not contain the UPN (
[email protected]) of
the user account, it indicates that the user logged in with just their
logon account name.
2. If the value does contain the UPN it indicates that they either
logged on with a smart card OR that they logged on by entering their
UPN name in the user name field and there is no way to tell which was
used.
So this is not a reliable method to use. Honestly, there is no sure
fire way to determine whether or not a smart card was used for logon in
Windows 2000, XP, or Windows Server 2003. IIRC, this is being changed
in Vista and Longhorn though I can't recall exactly what the change is.