fred Posted October 10, 2011

Hi,

We use smartcards, but only for applications, not Windows authentication.

If a user inserts their smartcard at a locked workstation (or login) screen they get asked for a PIN (which doesn't exist).

Apparently there are lines in the GINA, probably related to... wlx_option_use_smart_card

But that's about all I can figure out.

Does anybody know how to edit the standard MS GINA to not react to smartcards, or write another very basic GINA to go in front that passes everything except smartcard behavior to the MS GINA?

I have found this very hard, but for somebody with GINA skills this is probably a piece of cake!!

Thanks for any help

Fred

allen2 Posted October 10, 2011

The solution was the first Google result.

fred Posted October 10, 2011

Hi, that GPO does not solve it.

I don't actually understand what he means by "you need to disable EAP on your AAA server".

I googled AAA server but got results for a RADIUS server, which we don't have. Or does he mean something else?

Thanks for any help.

allen2 Posted October 11, 2011

OK then, if this doesn't work, you can try to disable the smartcard service or set it to manual and only start it when needed (but it wouldn't completely fix the problem if the user locks the workstation when it is started), or you should try to use procmon to monitor the accessed reg entries when you try to unlock and a smart card is inserted (you should begin to monitor before the smart card is inserted and stop when asked for the PIN code); it might provide interesting keys and perhaps one of them might help to properly disable SmartCardLogon (most likely located there: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon).

Edit reason: Forgot to say, as GINA is copyrighted by MS, nobody there will help to hack the DLL as it is against the forum rules. That's why you have to find another way.

Edited October 11, 2011 by allen2

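The procmon capture suggested in the last post produces far more rows than can be read by eye. As an added example (not part of the original thread), this Python script filters a Procmon CSV export down to the registry paths touched by winlogon.exe under the Winlogon key and flags the ones that were looked up but never found. It assumes Procmon's default export columns; the sample rows are constructed and `ExampleValue` is a placeholder, not a real setting.

```python
import csv
import io
from collections import defaultdict

# Key named in the post above, in Procmon's abbreviated HKLM form.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample rows (not a real capture); "ExampleValue" is a placeholder.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","winlogon.exe","612","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon","SUCCESS",""
"10:01:02.2","winlogon.exe","612","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon\ExampleValue","NAME NOT FOUND",""
"10:01:02.3","winlogon.exe","612","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon\ExampleValue","NAME NOT FOUND",""
"10:01:02.4","winlogon.exe","612","CreateFile","C:\Windows\System32\example.dll","SUCCESS",""
"10:01:02.5","explorer.exe","1480","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","SUCCESS",""
"10:01:02.6","winlogon.exe","612","RegOpenKey","HKLM\SOFTWARE\Example\Other","SUCCESS",""
'''

def load_export(path):
    """Read a CSV saved from Procmon; utf-8-sig tolerates a byte-order mark."""
    with open(path, newline="", encoding="utf-8-sig") as fh:
        return fh.read()

def registry_touches(csv_text, process="winlogon.exe", under=WINLOGON_KEY):
    """Return {path: {result: count}} for registry operations by `process`
    on paths below `under` (pass under="" to keep every registry path)."""
    hits = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process.lower():
            continue                      # some other process
        if not row["Operation"].startswith("Reg"):
            continue                      # file, network or process event
        if not row["Path"].lower().startswith(under.lower()):
            continue                      # registry, but outside the key of interest
        hits[row["Path"]][row["Result"]] += 1
    return {path: dict(results) for path, results in hits.items()}

def never_found(hits):
    """Paths that were queried but never existed: settings the logon code
    looks for that are not configured on this machine."""
    return sorted(p for p, r in hits.items() if set(r) == {"NAME NOT FOUND"})

if __name__ == "__main__":
    touched = registry_touches(SAMPLE_CSV)   # or registry_touches(load_export("capture.csv"))
    for path in sorted(touched):
        print(path, touched[path])
    print("queried but absent:", never_found(touched))
```
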