Smart Card Offline Logon

[Guest]

Hi,
I am setting up a smart card logon environment.
Unfortunately I cant find a solution to Offline Logon using smart cards.

I have found the following information:
"The offline logon process does not involve certificates, only cached
credentials."
and
"In the smart card case, offline logon requires the user’s private key to
decrypt supplemental credentials originally encrypted using the user’s public
key. If the user has multiple smart cards then the supplemental credentials
must be encrypted and referenced based on the hash of the certificate to
ensure that the user can perform an offline logon regardless of what card is
used. "

However I have not found any "How to" documents on how to enable a user to
logon to his computer when not connected to the domain.
Is this at all possible with MS technology?
How do I configure this?

 

[Paul Adare]

microsoft.public.win2000.security news group, =?Utf-8?B?Um9kTWFu?=

However I have not found any "How to" documents on how to enable a user to
logon to his computer when not connected to the domain.
Is this at all possible with MS technology?
How do I configure this?

By default, there is nothing to configure. Assuming that cached logons
are not disabled by policy, and they are not by default, this just
works. I logon with a smart card and travel a lot and have no troubles
logging in while not connected. You will have to logon at least once
while connected in order to get the cached credentials.
Have you actually tried this yet?

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea