
Troubleshoot Authentication Issues - SmartCards

3/13/2011 10:27:48 PM
Authentication is the process by which an authentication system validates a user’s identity. First, the user provides some proof of identity and then asks the authentication system to validate that the identity information is accurate. This confirms that the user is a known, trusted user on the computer system or network.

Authentication can be based on the following mechanisms:

  • Something You Know—Like a password or a PIN

  • Something You Have—Like a SmartCard or token device

  • Something You Are—Like a fingerprint or voice print, a biometric

  • Someplace You Are—Like a room (physical), an IP subnet (logical), or a time

Windows Vista can use the authentication protocols listed in Table 1.

Table 1. Authentication Protocols Supported by Windows Vista
| Authentication Protocol | Description | When to Use |
|---|---|---|
| PAP—Password Authentication Protocol | Clear text usernames and passwords. Not recommended. | Use when clients on third-party operating systems need to authenticate. |
| SPAP—Shiva Password Authentication Protocol | Weak encryption. Considered clear text. Not recommended. | Use when clients on third-party operating systems using SPAP need to authenticate. |
| CHAP—Challenge Handshake Authentication Protocol | Encrypted usernames and passwords. Stored using reversible encryption. | Use when clients on third-party operating systems have authentication encryption enabled. MAC, Unix, Linux. |
| MS-CHAPv1—Microsoft Challenge Handshake Authentication Protocol version 1 | Encrypted usernames and passwords. Stored using one-way encryption. | Use on Microsoft Windows 95, NT 4 (pre-SP4), and 98 (pre-SE) clients. |
| MS-CHAPv2—Microsoft Challenge Handshake Authentication Protocol version 2 | Encrypted usernames and passwords. Stronger than MS-CHAPv1. | Use on Microsoft Windows NT 4-SP4, 98SE, 2000, XP, 2003, and Vista clients. |
| EAP—Extensible Authentication Protocol | Allows additional authentication mechanisms to be used, including digital certificates, PKI. Typically stronger than password-based authentication. | Use with all certificate-based authentication, including SmartCards, Biometrics, and so on. |

These are all password-based authentication mechanisms, except for EAP.

In Windows Vista, the default logon authentication protocol is MS-CHAPv2. This is Microsoft’s second version of the open standard Challenge Handshake Authentication Protocol. This is the strongest one-factor authentication protocol available to Windows Vista. One-factor authentication utilizes only one of the authentication mechanisms (like something you know, have, or are).

SmartCards

To strengthen authentication beyond MS-CHAPv2, you can require more than one authentication mechanism and move to multifactor authentication. One of the most common multifactor authentication mechanisms is the use of SmartCards, along with a password or Personal Identification Number (PIN). This is referred to as two-factor authentication—something you have and something you know.

Microsoft has built in many controls to strengthen the two-factor authentication processes with the use of SmartCards. These controls are configured in the Local Security Policy (LSP) for the Vista computer or by GPO in an Active Directory environment.

To configure Vista for SmartCards, you principally need two settings. These are located in the Security Options section of the LSP and GPO, as shown in Figure 1.

Figure 1. Strengthen authentication in Windows Vista by requiring two-factor authentication with SmartCards.


They are:

  • Interactive logon: Require smart card. This can be either enabled or disabled.

  • Interactive logon: Smart card removal behavior. The settings are:

    • No Action

    • Lock Workstation

    • Force Logoff

    • Disconnect if a remote Terminal Services session
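
To check how a machine is actually configured, both policies can be read back from the registry. The PowerShell below is an added example, not part of the original article. The registry value names (scforceoption, ScRemoveOption) and the SCPolicySvc service name do not appear on the page; they are where Windows stores and enforces these settings. The function names are illustrative.

```powershell
# Added example: report the effective smart card logon policies on this machine.
$removalMeaning = @{
    '0' = 'No Action'
    '1' = 'Lock Workstation'
    '2' = 'Force Logoff'
    '3' = 'Disconnect if a remote Terminal Services session'
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy never configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-SmartCardLogonPolicy {
    # Interactive logon: Require smart card -> REG_DWORD, 1 = enabled
    $force = Get-PolicyValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'scforceoption'
    # Interactive logon: Smart card removal behavior -> REG_SZ '0'..'3'
    $remove = Get-PolicyValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'ScRemoveOption'
    if ($null -eq $remove) { $remove = '0' }   # not defined is treated as No Action
    # The Smart Card Removal Policy service enforces the removal behavior.
    $svc = Get-Service -Name 'SCPolicySvc' -ErrorAction SilentlyContinue
    $svcState = 'Not found'
    if ($svc) { $svcState = "$($svc.Status)" }

    $findings = @()
    if ($force -ne 1) {
        $findings += 'Require smart card is off: password-only logon is still accepted.'
    }
    if ("$remove" -eq '0') {
        $findings += 'Removal behavior is No Action: the session stays open after the card is removed.'
    } elseif ($svcState -ne 'Running') {
        $findings += 'Removal behavior is set but SCPolicySvc is not running, so it is not enforced.'
    }

    New-Object PSObject -Property @{
        RequireSmartCard = ($force -eq 1)
        RemovalBehavior  = $removalMeaning["$remove"]
        RemovalService   = $svcState
        Findings         = $findings
    }
}

Get-SmartCardLogonPolicy | Format-List
```

On a domain-joined machine a GPO overwrites these values at the next policy refresh, so the registry shows the effective setting rather than what was last chosen in the Local Security Policy editor.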
