GINA - I need to disable smartcards

[fred]

Hi,

We use smartcards, but only for applications, not Windows authentication.

If a user inserts their smartcard at a locked workstation (or login) screen they get asked for a PIN (which doesnt exist).

Apparently there are lines in the GINA, probably related to...

wlx_option_use_smart_card

But thats about all I can figure out.

Does anybody know how to edit the standard MS GINA to not react to a smartcards, or write another very basic gina to go in front that passes everything excpet smartcard behavior to the MS GINA?

I have found this very hard, but somebody with GINA skills this is probably a piece of cake!!

Thanks for any help

Fred

[allen2]

The solution was the first google result.

[fred]

Hi, that GPO does not solve it.

I dont actually understand what he means by "you need to disable EAP on your AAA server"

I googled AAA server but got results for a RADIUS server, which we dont have.

Or does he mean something else?

Thanks for any help.

[allen2]

Ok then if this doesn't work, you can try to disable/set to manual to smartcard service and only start it when needed (but it wouldn't completely fix the problem if the user lock the workstation when it is started) or you should try to use procmon to monitor the accessed reg entries when you try to unlock and a smart card is inserted (you should begin to monitor before the smart card is inserted and stop when asked for the pin code); it might provide interesting keys and perhaps one of them might help disabling properly SmartCardLogon (most likely located there: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon).

Edit reason: Forgot to say, as gina is copyrighted by MS, nobody there will help to hack the dll as it is against the forum rules. That's why you have to find another way.

Edited October 11, 2011 by allen2