This commit is contained in:
Paolo Matarazzo 2023-11-06 16:35:41 -05:00
parent e3604c377e
commit f074e91d7f
3 changed files with 13 additions and 13 deletions

@ -140,8 +140,8 @@ Similarly, in response to a NCryptOpenKey call in CNG, the smart card KSP tries
| **Type** | **Name** | **Format** |
|----------|----------|------------|
| I | Reader Name and Container Name | `\.\<Reader Name>\<Container Name>` |
| II | Reader Name and Container Name (NULL) | `\.\<Reader Name>` |
| I | Reader Name and Container Name | `\.<Reader Name><Container Name>` |
| II | Reader Name and Container Name (NULL) | `\.<Reader Name>` |
| III | Container Name Only | `<Container Name>` |
| IV | Default Container (NULL) Only | NULL |
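Review bot: the replacement rows `\.<Reader Name><Container Name>` and `\.<Reader Name>` drop the backslash that separated the reader name from the container name in the rows they replace, so the table no longer shows any separator between the two components of the fully qualified container name. Inside a backtick code span markdown does not treat `\<` as an escape, so the backslashes in the old rows were already rendering literally as intended; keep them, e.g. `\.\<Reader Name>\<Container Name>` and `\.\<Reader Name>`.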

@ -16,7 +16,7 @@ When a smart card is inserted, the following steps are performed.
> Unless otherwise mentioned, all operations are performed silently (CRYPT_SILENT is passed to CryptAcquireContext).
1. The smart card resource manager database searches for the smart card's cryptographic service provider (CSP).
1. A qualified container name is constructed by using the smart card reader name, and it is passed to the CSP. The format is *\\.\<Reader name>\
1. A qualified container name is constructed by using the smart card reader name, and it is passed to the CSP. The format is *\\.<Reader name>\
1. CryptAcquireContext is called to retrieve a context to the default container. If a failure occurs, the smart card will be unusable for smart card sign-in.
1. The name of the container is retrieved by using the PP_CONTAINER parameter with CryptGetProvParam.
1. Using the context acquired in Step 3, the CSP is queried for the PP_USER_CERTSTORE parameter (added in Windows Vista). For more information, see [Smart Card Architecture](smart-card-architecture.md). If the operation is successful, the name of a certificate store is returned, and the program flow skips to Step 8.
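Review bot: in the rewritten step 2 the escape was removed from `\<Reader name>` outside a code span, and markdown parsers read the bare `<Reader name>` as an inline HTML tag and omit it from the rendered page, so the placeholder disappears from the format string; keep the escape or move the whole format into a code span. Both the old and the new line end right after the trailing `\`, so also confirm the format string is complete in the source file.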
@ -87,11 +87,11 @@ Following are the steps that are performed during a smart card sign-in:
> [!NOTE]
> The KRB_AS_REP packet consists of:
>- Privilege attribute certificate (PAC)
>- User's SID
>- SIDs of any groups of which the user is a member
>- A request for ticket-granting service (TGS)
>- Preauthentication data
> - Privilege attribute certificate (PAC)
> - User's SID
> - SIDs of any groups of which the user is a member
> - A request for ticket-granting service (TGS)
> - Preauthentication data
TGT is encrypted with the master key of the KDC, and the session key is encrypted with a temporary key. This temporary key is derived based on RFC 4556. Using CryptoAPI, the temporary key is decrypted. As part of the decryption process, if the private key is on a smart card, a call is made to the smart card subsystem by using the specified CSP to extract the certificate corresponding to the user's public key. (Programmatic calls for the certificate include CryptAcquireContext, CryptSetProvParam with the PIN, CryptgetUserKey, and CryptGetKeyParam.) After the temporary key is obtained, the Kerberos SSP decrypts the session key.
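Review bot: the `> - ` spacing change is the right fix for rendering the list inside the note, but the context line that follows still reads `CryptgetUserKey`, which does not match the casing of the neighbouring `CryptGetProvParam` and `CryptGetKeyParam`; while this block is being touched, correct it to `CryptGetUserKey`.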

@ -50,8 +50,8 @@ WPP simplifies tracing the operation of the trace provider. It provides a mechan
Using WPP, use one of the following commands to enable tracing:
```cmd
tracelog.exe -kd -rt -start <FriendlyName> -guid \<GUID> -f .\<LogFileName*>.etl -flags <flags> -ft 1
logman start <FriendlyName> -ets -p {<GUID>} -<Flags> -ft 1 -rt -o .\<LogFileName><em>.etl -mode 0x00080000</em>
tracelog.exe -kd -rt -start <FriendlyName> -guid <GUID> -f .<LogFileName*>.etl -flags <flags> -ft 1
logman.exe start <FriendlyName> -ets -p {<GUID>} -<Flags> -ft 1 -rt -o .<LogFileName><em>.etl -mode 0x00080000</em>
```
You can use the parameters in the following table.
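Review bot: removing the stray backslash from `\<GUID>` is correct (escapes render literally inside a fenced block), but the same edit turned the relative path `.\<LogFileName*>.etl` into `.<LogFileName*>.etl`, losing the `.\` directory prefix that the scardsvr example in this file keeps (`.\scardsvr.etl`); restore it as `.\<LogFileName>.etl`. The `<em>…</em>` wrapped around the tail of the logman line shows that the `*` inside `<LogFileName*>` is being picked up as emphasis, so drop the asterisk from the placeholder as well.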
@ -74,7 +74,7 @@ To enable tracing for the SCardSvr service:
```cmd
tracelog.exe -kd -rt -start scardsvr -guid \#13038e47-ffec-425d-bc69-5707708075fe -f .\scardsvr.etl -flags 0xffff -ft 1
logman start scardsvr -ets -p {13038e47-ffec-425d-bc69-5707708075fe} 0xffff -ft 1 -rt -o .\scardsvr.etl -mode 0x00080000
logman.exe start scardsvr -ets -p {13038e47-ffec-425d-bc69-5707708075fe} 0xffff -ft 1 -rt -o .\scardsvr.etl -mode 0x00080000
```
To enable tracing for `scfilter.sys`:
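Review bot: consistent with the escape clean-up in the previous hunk, the unchanged tracelog line in this block still carries `-guid \#13038e47-ffec-425d-bc69-5707708075fe`, where the `\` before `#` is a markdown escape that renders literally in a fenced block; it should read `-guid #13038e47-ffec-425d-bc69-5707708075fe`.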
@ -89,7 +89,7 @@ Using WPP, use one of the following commands to stop the tracing:
```cmd
tracelog.exe -stop <*FriendlyName*>
logman -stop <*FriendlyName*> -ets
logman.exe -stop <*FriendlyName*> -ets
```
#### Examples
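Review bot: the placeholder `<*FriendlyName*>` keeps literal asterisks inside the fenced block, whereas the start commands earlier in the file write `<FriendlyName>`; use the same form here. The stop commands also use `-stop` with a leading dash while the start commands use the bare verb `start`; verify which form logman accepts and make the two consistent.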
@ -98,7 +98,7 @@ To stop a trace:
```cmd
tracelog.exe -stop scardsvr
logman -stop scardsvr -ets
logman.exe -stop scardsvr -ets
```
## Kerberos protocol, KDC, and NTLM debugging and tracing
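Review bot: same point as the generic stop commands above: `logman.exe -stop scardsvr -ets` uses a dashed verb while the matching start command is `logman.exe start scardsvr -ets ...`; confirm the intended syntax so the start and stop examples agree.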