...Because someone's gotta tell the story...


To return to the main Blog List, click Full Blog Listing.


Active Directory
Group Policy

Smartcards as defaults in Windows 7 and later

Wednesday, April 23, 2014 in Technical Articles (Views: 3093)
Some have asked, how in the world do I set the default to smartcards in Windows 7, and later for that matter..

Now, simply setting a "Require Smartcard" in the AD user object, or worse, requiring it on the computer policy, will not set this as the default. The goal here is that once the user presses "Ctrl-Alt-Del", the smartcard should show by default.

Here is the registry key to look at: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
Then the value: LastLoggedOnProvider.

The best time to look at this key is AFTER you have logged in with your smartcard. Take this value, and place it in the registry via script or Group Policy Preference.

Mine simply happened to be {8bf9a910-a8ff-457f-999f-a5ca10b4a885}, and is not a GUID as much as it appears to be. This should get you on your way.


Related Blogs You May Be Interested In:

To leave a comment, please log in and/or register.