Posted March 30, 200915 yr Hello, I have three questions regarding the GPO setting "Prevent plaintext PINs from being returned by credential manager" do? It is found under Computer Configuration -> .. -> ADMX -> Windows Components -> Smartcard. 1. The explanation found in the group policy editor states that: "If you enable this setting, credential manager does not return a plaintext PIN". The question is then: To whom will it not return a plaintext PIN? To the LSA? To the BaseCSP? To a random user asking for it? 2. When this setting is enabled, what encryption algorithm is used on the PIN, and what key is used? 3. When this setting is enabled, smartcard login works fine. However, smartcard enrollment does not work - when enrolling, the following message is displayed after entering the smartcard PIN the first time in the enrollment process: "Computer Policy prohibits performing this operation because the card does not support the required level of security". The question is: Why does login work with this setting, but not signing? Thank you very much!
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.