Administrator Use

Administrator Use
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Administrator Use Eddie 11-06-2005
`--> Re: Administrator Use Miha Pihler [MV...11-07-2005
Posted by =?Utf-8?B?RWRkaWU=?= on November 6, 2005, 7:39 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Here is my issue. I want my Administrators to need to use smart card or some
type of secondary authenication when they log in as a domain/enterprise
admin. I was thinking of using a usb as the 2nd part authenication. Does
anyone know how to set this up? I would like to use something built into
Windows like pki etc. Thanks.

Posted by Miha Pihler [MVP] on November 7, 2005, 3:08 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Windows 2000 and later have built in support for Smart Cards.

To use smart cards you have to set up (or use someone's PKI infrasturcture).
If you want to build your own PKI here are some white papers you can look
at...

New features:
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
Operations guide:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
Managing PKI:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
Best Practices:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
Certificate templates -
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
Key archival -
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kyacws03.mspx
Certificate Autoenrollment in Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
Advanced certificate enrollment:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
web enrollment:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
EFS:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
CRLS: http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx

And think about which smart cards to use since this will influence your
deployment. Some CSPs (Crypto Service Providers) are already included in
Windows and some you have to buy and later deploy in your environment.

--
Mike
Microsoft MVP - Windows Security

> Here is my issue. I want my Administrators to need to use smart card or
> some
> type of secondary authenication when they log in as a domain/enterprise
> admin. I was thinking of using a usb as the 2nd part authenication. Does
> anyone know how to set this up? I would like to use something built into
> Windows like pki etc. Thanks.



Similar ThreadsPosted
Administrator February 10, 2006, 9:02 pm
RE: Administrator password June 20, 2005, 7:33 am
Administrator Accounts July 11, 2005, 8:53 am
Administrator Reset December 2, 2005, 1:22 pm
Cluster Administrator May 26, 2005, 11:44 am
Administrator password June 14, 2005, 10:07 am
AD Administrator Password July 11, 2006, 12:20 pm
HOW CAN i GET THE ADMINISTRATOR PASSWORD? November 20, 2006, 7:41 am
HOW CAN i GET THE ADMINISTRATOR PASSWORD? November 20, 2006, 7:42 am
Administrator password March 16, 2007, 5:22 pm

The site map in XML format XML site map

Contact Us | Privacy Policy