3 require smart card to logon, Require smart card to logon, Require smart card to logon 4.3 – HID Crescendo Integration User Manual

December 1, 2008

© 2008 HID Global Corporation. All rights reserved.

Page 49 of 54

47A3-905, A.1

Crescendo Integration Guide

Microsoft Windows Server 2003

Require Smart Card to Logon

4.3

Since the use of a username and password is inherently weaker than the use of a token with a PIN (two-factor

authentication), a user should logon to the domain with a token and PIN instead of a username and password.

When two-factor authentication is enforced, a user can only log on with a token and PIN. This security feature is only

configured on a per-user basis.
When activating this policy for (domain) administrators, remove this feature after logging on to the Windows 2003

server with the same smart card. You can also remove this feature with another smart card that contains a correct

certificate for the domain administrator.
To configure a user in Active Directory to only log on to the domain with a token, go to

Start > Settings > control

panel > Active Directory Users and Computers:

Figure 57: Active Directory Users and Computers

In the

Active Directory Users and Computers console, go to [your domain name] > users:

Figure 58: Active Directory Users and Computers: Users

Double-click the user you wish to configure the ‘require smart card to logon’ policy.

