Verify AD User CAC Logons

Posted by Crisoft on June 22, 2006, 4:40 pm
Does anyone know of an easy way of verifying/checking on a user's workstation
that they have been authenticated by using their CAC?
--
Thanks!

Crisoft


Posted by S. Pidgorny on June 26, 2006, 6:14 am
Please elaborate?

I'd say that if the workstation isn't connected to your network, you have no
visibility of that whatsoever, and nothing you can do about it. It's hard
enough to achieve endpoint inspection in the networked scenario.

Full disk encryption products (like Bitlocker in Vista) give you mitigating
control for the lost/stolen asset situation.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

> Does anyone know of an easy way of verifying/checking on a user's
> workstation
> that they have been authenticated by using their CAC?
> --
> Thanks!
>
> Crisoft
>



Posted by Brian Komar on June 26, 2006, 8:02 am
> Please elaborate?
>
> I'd say that if the workstation isn't connected to your network, you have no
> visibility of that whatsoever, and nothing you can do about it. It's hard
> enough to achieve endpoint inspection in the networked scenario.
>
> Full disk encryption products (like Bitlocker in Vista) give you mitigating
> control for the lost/stolen asset situation.
>
>
The only way to verify CAC authentication is to configure the account to require
smart card for interactive logon and force the user to log on with smart cards
(CACs). There is no way today to validate whether a user with knowledge of their
password used a smart card or their password.

For a VPN scenario, you can enforce EAP/TLS authentication to require the use of
the CAC.
Brian
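
Added example (not part of the thread, and not code from any poster): since the reply above says the only assurance is to require smart card for interactive logon on the account, this PowerShell sketch audits which enabled accounts still lack that setting by decoding the `userAccountControl` bits. The function name `Get-SmartcardEnforcementGap` and the sample accounts are assumptions made up for illustration; the commented lines at the end assume the ActiveDirectory module is installed.

```powershell
# Documented userAccountControl flag values.
$UAC_ACCOUNTDISABLE     = 0x00002   # account is disabled
$UAC_SMARTCARD_REQUIRED = 0x40000   # "Smart card is required for interactive logon"

# Hypothetical helper: emits one finding per enabled account that can still
# log on interactively with a password because the smart card flag is not set.
function Get-SmartcardEnforcementGap {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        $uac      = [int]($User.userAccountControl)
        $disabled = ($uac -band $UAC_ACCOUNTDISABLE) -ne 0
        $required = ($uac -band $UAC_SMARTCARD_REQUIRED) -ne 0
        if (-not $disabled -and -not $required) {
            [pscustomobject]@{
                SamAccountName     = $User.SamAccountName
                UserAccountControl = '0x{0:X}' -f $uac
                Finding            = 'Smart card not required; password logon possible'
            }
        }
    }
}

# Constructed sample records so the logic can be exercised without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice.cac';  userAccountControl = 0x40200 } # normal + smart card required
    [pscustomobject]@{ SamAccountName = 'bob.pwd';    userAccountControl = 0x00200 } # normal account, no enforcement
    [pscustomobject]@{ SamAccountName = 'carol.old';  userAccountControl = 0x00202 } # disabled, ignored
    [pscustomobject]@{ SamAccountName = 'svc.backup'; userAccountControl = 0x10200 } # password never expires, no enforcement
)
$sample | Get-SmartcardEnforcementGap | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -LDAPFilter '(&(objectCategory=person)(objectClass=user))' `
#     -Properties userAccountControl | Get-SmartcardEnforcementGap
#
# Preview enforcing the setting on one account before applying it:
# Set-ADUser -Identity 'bob.pwd' -SmartcardLogonRequired $true -WhatIf
```

With the constructed sample, only `bob.pwd` and `svc.backup` are reported. The audit shows where enforcement is missing; it does not show which credential a user actually presented at a given logon.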
