mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 18:33:43 +00:00
freshness review smart card topic
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 11/21/2023
|
||||
ms.date: 11/22/2023
|
||||
title: Smart Card and Remote Desktop Services
|
||||
description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
|
||||
ms.topic: concept-article
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Smart Card Architecture
|
||||
description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system.
|
||||
ms.topic: reference-architecture
|
||||
ms.date: 11/06/2023
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# Smart Card Architecture
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Certificate propagation service
|
||||
description: Learn about the certificate propagation service (CertPropSvc), which is used in smart card implementation.
|
||||
ms.topic: concept-article
|
||||
ms.date: 11/21/2023
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# Certificate propagation service
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Certificate Requirements and Enumeration
|
||||
description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
|
||||
ms.topic: concept-article
|
||||
ms.date: 11/06/2023
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# Certificate Requirements and Enumeration
|
||||
@ -185,11 +185,11 @@ A single user certificate can be mapped to multiple accounts. For example, a use
|
||||
Based on the information that is available in the certificate, the sign-in conditions are:
|
||||
|
||||
1. If no UPN is present in the certificate:
|
||||
1. Sign-in can occur in the local forest or in another forest if a single user with one certificate needs to sign in to different accounts
|
||||
1. A hint must be supplied if mapping isn't unique (for example, if multiple users are mapped to the same certificate)
|
||||
1. Sign-in can occur in the local forest or in another forest if a single user with one certificate needs to sign in to different accounts
|
||||
1. A hint must be supplied if mapping isn't unique (for example, if multiple users are mapped to the same certificate)
|
||||
1. If a UPN is present in the certificate:
|
||||
1. The certificate can't be mapped to multiple users in the same forest
|
||||
1. The certificate can be mapped to multiple users in different forests. For a user to sign in to other forests, an X509 hint must be supplied to the user
|
||||
1. The certificate can't be mapped to multiple users in the same forest
|
||||
1. The certificate can be mapped to multiple users in different forests. For a user to sign in to other forests, an X509 hint must be supplied to the user
|
||||
|
||||
## Smart card sign-in for multiple users into a single account
|
||||
|
||||
|
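Review bot: In the nested items under "If a UPN is present in the certificate", the sentence "an X509 hint must be supplied to the user" leaves it unclear who supplies the hint, while the no-UPN branch says only "A hint must be supplied". Suggest wording both branches the same way and stating who provides the hint. The removed and added list items read identically here, so the change appears to be indentation only; confirm that the sub-items now render nested under their parent items.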
@ -2,7 +2,7 @@
|
||||
title: Smart Card Troubleshooting
|
||||
description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment.
|
||||
ms.topic: troubleshooting
|
||||
ms.date: 11/06/2023
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# Smart Card Troubleshooting
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Smart card events
|
||||
description: Learn about smart card deployment and development events.
|
||||
ms.topic: troubleshooting
|
||||
ms.date: 06/02/2023
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# Smart card events
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Smart Card Group Policy and Registry Settings
|
||||
description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards.
|
||||
ms.topic: reference
|
||||
ms.date: 11/06/2023
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# Smart Card Group Policy and Registry Settings
|
||||
@ -262,7 +262,7 @@ When this setting isn't turned on, Credential Manager can return plaintext PINs.
|
||||
You can use this policy setting to control the way the subject name appears during sign-in.
|
||||
|
||||
> [!NOTE]
|
||||
> To help users distinguish one certificate from another, the user principal name (UPN) and the common name are displayed by default. For example, when this setting is enabled, if the certificate subject is CN=User1, OU=Users, DN=example, DN=com and the UPN is user1@example.com, "User1" is displayed with "user1@example.com." If the UPN is not present, the entire subject name is displayed. This setting controls the appearance of that subject name, and it might need to be adjusted for your organization.
|
||||
> To help users distinguish one certificate from another, the user principal name (UPN) and the common name are displayed by default. For example, when this setting is enabled, if the certificate subject is *CN=User1, OU=Users, DN=example, DN=com* and the UPN is *user1@example.com*, *User1* is displayed with *user1@example.com*. If the UPN is not present, the entire subject name is displayed. This setting controls the appearance of that subject name, and it might need to be adjusted for your organization.
|
||||
|
||||
When this policy setting is turned on, the subject name during sign-in appears reversed from the way that it's stored in the certificate.
|
||||
|
||||
|
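Review bot: The example subject in the rewritten NOTE line still reads "CN=User1, OU=Users, DN=example, DN=com"; the distinguished-name attribute for a domain component is DC, so it should be "DC=example, DC=com". The line is already being touched to swap quotation marks for italics, so fix it in the same change. The same line keeps "is not present" while the surrounding context uses contractions ("isn't turned on", "it's stored"); align it with the rest of the page.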
@ -2,7 +2,7 @@
|
||||
title: How Smart Card Sign-in Works in Windows
|
||||
description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system.
|
||||
ms.topic: overview
|
||||
ms.date: 1/06/2023
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# How Smart Card Sign-in Works in Windows
|
||||
|
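Review bot: The description on the context line above the date change reads "This topic for IT professional provides links", which is missing an article ("for the IT professional"), as the sibling pages in this commit phrase it. A freshness pass that bumps ms.date should pick this up rather than re-date the page with the error in place.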
@ -2,23 +2,23 @@
|
||||
title: Smart Card Removal Policy Service
|
||||
description: This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation.
|
||||
ms.topic: concept-article
|
||||
ms.date: 09/24/2021
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# Smart Card Removal Policy Service
|
||||
|
||||
This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation.
|
||||
This article describes the role of the removal policy service (`ScPolicySvc`) in smart card implementations.
|
||||
|
||||
The smart card removal policy service is applicable when a user has signed in with a smart card and then removes that smart card from the reader. The action that is performed when the smart card is removed is controlled by Group Policy settings. For more information, see [Smart Card Group Policy and Registry Settings](smart-card-group-policy-and-registry-settings.md).
|
||||
The smart card removal policy service is applicable when a user signs in with a smart card and then removes that smart card from the reader. The action that is performed when the smart card is removed is controlled by group policy settings. For more information, see [Smart Card Group Policy and Registry Settings](smart-card-group-policy-and-registry-settings.md).
|
||||
|
||||

|
||||

|
||||
|
||||
The numbers in the previous figure represent the following actions:
|
||||
The numbers in the diagram represent the following actions:
|
||||
|
||||
1. Winlogon isn't directly involved in monitoring for smart card removal events. The sequence of steps that are involved when a smart card is removed begins with the smart card credential provider in the sign-in UI process. When a user successfully signs in with a smart card, the smart card credential provider captures the reader name. This information is then stored in the registry with the session identifier where the sign-in was initiated.
|
||||
1. The smart card resource manager service notifies the smart card removal policy service that a sign-in has occurred.
|
||||
1. ScPolicySvc retrieves the smart card information that the smart card credential provider stored in the registry. This call is redirected if the user is in a remote session. If the smart card is removed, ScPolicySvc is notified.
|
||||
1. ScPolicySvc calls Remote Desktop Services to take the appropriate action if the request is to sign out the user or to disconnect the user's session, which might result in data loss. If the setting is configured to lock the computer when the smart card is removed, ScPolicySvc sends a message to Winlogon to lock the computer.
|
||||
1. `Winlogon` isn't directly involved in monitoring for smart card removal events. The sequence of steps that are involved when a smart card is removed begins with the smart card credential provider in the sign-in UI process. When a user successfully signs in with a smart card, the smart card credential provider captures the reader name. This information is then stored in the registry with the session identifier where the sign-in was initiated
|
||||
1. The smart card resource manager service notifies the smart card removal policy service that a sign-in occurred
|
||||
1. `ScPolicySvc` retrieves the smart card information that the smart card credential provider stored in the registry. This call is redirected if the user is in a remote session. If the smart card is removed, `ScPolicySvc` is notified
|
||||
1. `ScPolicySvc` calls Remote Desktop Services to take the appropriate action if the request is to sign out the user or to disconnect the user's session, which might result in data loss. If the setting is configured to lock the computer when the smart card is removed, `ScPolicySvc` sends a message to Winlogon to lock the computer.
|
||||
|
||||
## See also
|
||||
|
||||
|
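Review bot: In the rewritten numbered list, items 1 to 3 drop their terminal period while item 4 keeps it, and item 1 is several full sentences with only the last one left unpunctuated. Either keep the periods on all four items or remove them consistently. `Winlogon` is code-formatted at the start of item 1 but left plain in item 4 ("sends a message to Winlogon"), and the front-matter description still says "This topic for the IT professional" and "(ScPolicySvc)" while the body was changed to "This article" and `ScPolicySvc`; align these as well.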
@ -2,7 +2,7 @@
|
||||
title: Smart Cards for Windows Service
|
||||
description: This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service manages readers and application interactions.
|
||||
ms.topic: concept-article
|
||||
ms.date: 11/06/2023
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# Smart Cards for Windows Service
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Smart Card Tools and Settings
|
||||
description: This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events.
|
||||
ms.topic: conceptual
|
||||
ms.date: 11/06/2023
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# Smart Card Tools and Settings
|
||||
|
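Review bot: The context line "ms.topic: conceptual" differs from the other concept pages in this commit, which use "ms.topic: concept-article". If this page is being re-dated as reviewed, confirm whether "conceptual" is intended or whether it should match the sibling pages.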
@ -2,7 +2,7 @@
|
||||
title: Smart Card Technical Reference
|
||||
description: Learn about the Windows smart card infrastructure for physical smart cards, and how smart card-related components work in Windows.
|
||||
ms.topic: overview
|
||||
ms.date: 11/06/2023
|
||||
ms.date: 11/22/2023
|
||||
---
|
||||
|
||||
# Smart Card Technical Reference
|
||||
|
@ -4,7 +4,7 @@ description: This topic details how Microsoft supports the Common Criteria certi
|
||||
ms.author: sushmanemali
|
||||
author: s4sush
|
||||
ms.topic: reference
|
||||
ms.date: 11/4/2022
|
||||
ms.date: 11/22/2023
|
||||
ms.reviewer: paoloma
|
||||
ms.collection:
|
||||
- tier3
|
||||
@ -147,7 +147,7 @@ Certified against the Protection Profile for Mobile Device Fundamentals.
|
||||
- [Validation Report](https://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf)
|
||||
- [Assurance Activity Report](https://download.microsoft.com/download/9/3/9/939b44a8-5755-4d4c-b020-d5e8b89690ab/Windows%2010%20and%20Windows%2010%20Mobile%201607%20MDF%20Assurance%20Activity%20Report.pdf)
|
||||
|
||||
### Windows 10, version 1607, Windows Server 2016
|
||||
### Windows 10, version 1607, Windows Server 2016 (VPN)
|
||||
|
||||
Certified against the Protection Profile for IPsec Virtual Private Network (VPN) Clients.
|
||||
|
||||
|
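Review bot: Renaming the heading to "### Windows 10, version 1607, Windows Server 2016 (VPN)" changes the anchor that is generated from the heading text, so any links pointing at the old section anchor should be checked and updated. This hunk also edits the Common Criteria page, which is outside the smart card scope named in the commit message; consider splitting it into its own commit or mentioning it in the message.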