Vista logon with smart card


TRossi

How do I configure Vista to allow me logon to my home computer using a DoD
issued smart card. It is currently used to access my DoD e-mail and for
e-signature authorization, and has the ability to logon to DoD owned systems
& networks. The card reader and 3rd party software (Activeclient) are both
currently installed and working properly
--
R.L.T.W.
 
On Tue, 12 Feb 2008 13:28:01 -0800, TRossi wrote:

> How do I configure Vista to allow me logon to my home computer using a DoD
> issued smart card. It is currently used to access my DoD e-mail and for
> e-signature authorization, and has the ability to logon to DoD owned systems
> & networks. The card reader and 3rd party software (Activeclient) are both
> currently installed and working properly


Unless your computer is joined to the domain/forest from which the card was
issued, you can't use the card for logon. Smart card logon to a Windows
system requires Kerberos authentication and in a work group environment you
don't have Kerberos.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
One if by LAN, two if by C. -- Paul Revere, as told by John Karwoski
 
"TRossi" wrote in message
news:B6B050D4-C163-4C67-9F7D-277E36C2686F@microsoft.com...
> How do I configure Vista to allow me logon to my home computer using a DoD
> issued smart card. It is currently used to access my DoD e-mail and for
> e-signature authorization, and has the ability to logon to DoD owned
> systems
> & networks. The card reader and 3rd party software (Activeclient) are
> both
> currently installed and working properly
> --
> R.L.T.W.

Why do you even want to be able to use a government-owned smart card on your
personal computer? You need to set up a smart card for your own personal
usage and keep the two applications separate for security reasons. I don't
think you have thought this through properly.

--
Allan
 
Paul,

Is this a Vista OS issue? DoD owned laptops running XP which are issued by
my HQ are configured to allow smart card login without network / domain
connection. The initial smart card login requires network / domain
connection, but all usage after does not. And to be honest I have no idea
what a Kerberos is. I am not an IT person just an end user with a bit more
knowledge than the average joe.
--
R.L.T.W.


"Paul Adare" wrote:

> On Tue, 12 Feb 2008 13:28:01 -0800, TRossi wrote:
>
> > How do I configure Vista to allow me logon to my home computer using a DoD
> > issued smart card. It is currently used to access my DoD e-mail and for
> > e-signature authorization, and has the ability to logon to DoD owned systems
> > & networks. The card reader and 3rd party software (Activeclient) are both
> > currently installed and working properly

>
> Unless your computer is joined to the domain/forest from which the card was
> issued, you can't use the card for logon. Smart card logon to a Windows
> system requires Kerberos authentication and in a work group environment you
> don't have Kerberos.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> One if by LAN, two if by C. -- Paul Revere, as told by John Karwoski
>
 
On Wed, 13 Feb 2008 09:54:01 -0800, TRossi wrote:

> Is this a Vista OS issue? DoD owned laptops running XP which are issued by
> my HQ are configured to allow smart card login without network / domain
> connection. The initial smart card login requires network / domain
> connection, but all usage after does not.


No, this is not a Vista issue. The DoD owned laptops are joined to one of
the DoD domains which is why you can logon with the CAC. They need to be
connected to the domain for the initial logon at which time logon
credentials are cached. Once the credentials are cached, they can logon
with no connection.
Your home computer is not joined to one of the DoD domains so you'll never
be able to use your CAC for logon.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Overflow on /dev/null please empty the bit bucket.
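
The preconditions described in the reply above (domain membership, then a cached logon), as an added example that is not part of the original thread. The function name `Get-SmartCardLogonReadiness` is hypothetical; it is read-only and uses Windows PowerShell's `Get-WmiObject`, the `CachedLogonsCount` Winlogon value, and the `SCardSvr` service.

```powershell
# Added example: reports whether this machine meets the conditions for
# domain smart card logon and for offline (cached) logon. Changes nothing.
function Get-SmartCardLogonReadiness {
    $cs = Get-WmiObject -Class Win32_ComputerSystem

    # Cached domain logons are governed by CachedLogonsCount (REG_SZ).
    # "0" disables caching; an absent value means the OS default applies.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $cached = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).CachedLogonsCount

    # The Smart Card service must exist for any reader to be usable.
    $svc = Get-Service -Name SCardSvr -ErrorAction SilentlyContinue
    if ($svc) { $svcState = [string]$svc.Status } else { $svcState = 'not installed' }

    if (-not $cs.PartOfDomain) {
        $verdict = 'Workgroup machine: no domain, so no Kerberos smart card logon.'
    } elseif ($cached -eq '0') {
        $verdict = 'Domain joined, caching disabled: every logon needs a domain controller.'
    } else {
        $verdict = 'Domain joined: offline logon works once a connected logon has been cached.'
    }

    New-Object PSObject -Property @{
        ComputerName      = $cs.Name
        PartOfDomain      = [bool]$cs.PartOfDomain
        DomainOrWorkgroup = $cs.Domain
        CachedLogonsCount = $(if ($null -eq $cached) { 'not set (OS default)' } else { $cached })
        SmartCardService  = $svcState
        Verdict           = $verdict
    }
}

Get-SmartCardLogonReadiness | Format-List
```

On a home workgroup PC, `PartOfDomain` is `False` and `DomainOrWorkgroup` shows the workgroup name, which is the case the reply describes.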
 
Paul,

Thanks, not what I wanted to hear but now I know.
--
R.L.T.W.


"Paul Adare" wrote:

> On Wed, 13 Feb 2008 09:54:01 -0800, TRossi wrote:
>
> > Is this a Vista OS issue? DoD owned laptops running XP which are issued by
> > my HQ are configured to allow smart card login without network / domain
> > connection. The initial smart card login requires network / domain
> > connection, but all usage after does not.

>
> No, this is not a Vista issue. The DoD owned laptops are joined to one of
> the DoD domains which is why you can logon with the CAC. They need to be
> connected to the domain for the initial logon at which time logon
> credentials are cached. Once the credentials are cached, they can logon
> with no connection.
> Your home computer is not joined to one of the DoD domains so you'll never
> be able to use your CAC for logon.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Overflow on /dev/null please empty the bit bucket.
>
 
TRossi,
Disregard the gentlemen's answers below, they obviously do not know your
needs for CAC login (AKO Guest Acct Management, LOGSA, HRC, etc.).

Here is what you need to do:
1. Login to AKO, go to "Quick Links" "CAC Resource Center"
2. Follow the instructions and download Active Client 6.0 or 6.1 (32 bit file)
3. Open the middleware (Active Client), go to the "Tools" tab, "Advanced",
"Make Certificates Available to Windows"
4. Register your CAC with AKO (unless you have already done so from a
military domain).

This will get you going...........
Chief Out


"TRossi" wrote:

> How do I configure Vista to allow me logon to my home computer using a DoD
> issued smart card. It is currently used to access my DoD e-mail and for
> e-signature authorization, and has the ability to logon to DoD owned systems
> & networks. The card reader and 3rd party software (Activeclient) are both
> currently installed and working properly
> --
> R.L.T.W.
 
I forgot to mention if you need a driver for that older model reader for XP
or Vista, go to
http://www.scbsolutions.com/support.htm


"TRossi" wrote:

> How do I configure Vista to allow me logon to my home computer using a DoD
> issued smart card. It is currently used to access my DoD e-mail and for
> e-signature authorization, and has the ability to logon to DoD owned systems
> & networks. The card reader and 3rd party software (Activeclient) are both
> currently installed and working properly
> --
> R.L.T.W.
 
Citibank virtual numbers

Anyone know how to resolve the incompatibility issues with Vista and
Citibank credit cards virtual card numbers?
Thanks
 
Re: Citibank virtual numbers

Use the online version instead of the downloaded version.

"Gretchen" <minermucker@jeffbb.net> wrote in message
news:uBRpyAOgIHA.3780@TK2MSFTNGP06.phx.gbl...
> Anyone know how to resolve the incompatibility issues with Vista and
> Citibank credit cards virtual card numbers?
> Thanks
 
I have to disagree - this is not a DoD problem. My personal desktop - which
is running XP - was not issued by the government and has never been in their
possession. However, XP allowed me to set up the reader and drivers and is
working with no glitches using my DoD issued smart card. This has to be a
Vista problem - I downloaded the drivers for another reader onto my laptop
seems to be working. But not allowing the website to see my certificate.
Vista is telling me that it doesn't have enough information about the issuer.
Sounds like a security setting....????

"Paul Adare" wrote:

> On Wed, 13 Feb 2008 09:54:01 -0800, TRossi wrote:
>
> > Is this a Vista OS issue? DoD owned laptops running XP which are issued by
> > my HQ are configured to allow smart card login without network / domain
> > connection. The initial smart card login requires network / domain
> > connection, but all usage after does not.

>
> No, this is not a Vista issue. The DoD owned laptops are joined to one of
> the DoD domains which is why you can logon with the CAC. They need to be
> connected to the domain for the initial logon at which time logon
> credentials are cached. Once the credentials are cached, they can logon
> with no connection.
> Your home computer is not joined to one of the DoD domains so you'll never
> be able to use your CAC for logon.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Overflow on /dev/null please empty the bit bucket.
>
 
On Tue, 3 Jun 2008 16:11:01 -0700, Kat Kirby wrote:

> I have to disagree - this is not a DoD problem. My personal desktop - which
> is running XP - was not issued by the government and has never been in their
> possession. However, XP allowed me to set up the reader and drivers and is
> working with no glitches using my DoD issued smart card. This has to be a
> Vista problem - I downloaded the drivers for another reader onto my laptop
> seems to be working. But not allowing the website to see my certificate.
> Vista is telling me that it doesn't have enough information about the issuer.
> Sounds like a security setting....????


You're comparing apples to oranges here. The original post was asking about
using the CAC card to logon with, not simply to access a web site.

>
> "Paul Adare" wrote:
>
>> On Wed, 13 Feb 2008 09:54:01 -0800, TRossi wrote:
>>
>>> Is this a Vista OS issue? DoD owned laptops running XP which are issued by
>>> my HQ are configured to allow smart card login without network / domain
>>> connection. The initial smart card login requires network / domain
>>> connection, but all usage after does not.

>>
>> No, this is not a Vista issue. The DoD owned laptops are joined to one of
>> the DoD domains which is why you can logon with the CAC. They need to be
>> connected to the domain for the initial logon at which time logon
>> credentials are cached. Once the credentials are cached, they can logon
>> with no connection.
>> Your home computer is not joined to one of the DoD domains so you'll never
>> be able to use your CAC for logon.
>>
>> --
>> Paul Adare
>> MVP - Virtual Machines
>> http://www.identit.ca
>> Overflow on /dev/null please empty the bit bucket.
>>



--
Paul Adare
http://www.identit.ca
Overflow on /dev/null please empty the bit bucket.
 