Require smart card

[Guest]

Hi,

I am applying a Group Policy to an OU which contains only one computer account (my pc). The pc is in Active Directory and my user is there either. The pc has Windows XP SP1 with all the latest patches, the server is running Win2K3 enterprise edition.
The problem: after enabling the "Interactive logon: Require smart card", the pc seems not to apply that policy. In fact, it is possible to log on with a password anyway... I know that there is an accout attribute that prevents it (and that works), but I want to disable the possibility to log on with a password for the whole computer, and not only for the user; my goal is not to allow an user to press CTRL+ALT+DEL to log on (neither I want the message "press CTRL+ALT+DEL" to appear). The policy "Interactive logon: Do not require CTRL+ALT+DEL" is of no use to me, because it would allow automatic logon without anything to a computer... just the opposite scenario I want to realize.

Anyone can help me?

TIA,
-E

 

[Steven L Umbach]

Create a common user account with a password. You may want to configure it
so that the user can not change the passsword. I believe that disabling
ctrl-alt-dlt only allows a boot into the logon screen, but does not activate
auto logon. --- Steve

Hi,

I am applying a Group Policy to an OU which contains only one computer

account (my pc). The pc is in Active Directory and my user is there either.
The pc has Windows XP SP1 with all the latest patches, the server is running
Win2K3 enterprise edition.

The problem: after enabling the "Interactive logon: Require smart card",

the pc seems not to apply that policy. In fact, it is possible to log on
with a password anyway... I know that there is an accout attribute that
prevents it (and that works), but I want to disable the possibility to log
on with a password for the whole computer, and not only for the user; my
goal is not to allow an user to press CTRL+ALT+DEL to log on (neither I want
the message "press CTRL+ALT+DEL" to appear). The policy "Interactive logon:
Do not require CTRL+ALT+DEL" is of no use to me, because it would allow
automatic logon without anything to a computer... just the opposite scenario
I want to realize.

 

[Guest]

I can't. I am in a testing environment now, but I am going to deploy AD & policies in a domain with 2500 users... a common user would be a catastrophic solution... What I want is: allowing logon in every pc with a smart card *only*, using the keyboard to enter the pin *only*

TIA,
-E

----- Steven L Umbach wrote: -----

Create a common user account with a password. You may want to configure it
so that the user can not change the passsword. I believe that disabling
ctrl-alt-dlt only allows a boot into the logon screen, but does not activate
auto logon. --- Steve

 

[Steven L Umbach]

Sorry. I misunderstood your scenario. I am not an advocate of common logon
account. I have not had experience with smart card logon. I plan to test
something similar soon. --- Steve

I can't. I am in a testing environment now, but I am going to deploy AD &

policies in a domain with 2500 users... a common user would be a
catastrophic solution... What I want is: allowing logon in every pc with a
smart card *only*, using the keyboard to enter the pin *only*