Hi,
I have an interesting task for me and i hope for someone else who
use smart cards in its w2k enterprise.
Step by step:
We have
1) a w2k domain
2) a w2k users
3) a w2k mobile computer (in common case - any w2k non domain
controller computer)
4) a group of users or organisational unit that must have access
to this computer (access must be denied for all others) only if they
do a smart card logon
5) this restriction must be applied when computer's connected to the
LAN and is not
What i've already known how to do?
1) I can do smart card logon when computer's connected to the LAN
and is not
2) I can apply Local Security Policy and set "Logon locally" policy
only for restricted users
3) but these users in addition are able to log in without smart card
4) I can't apply Account setting "Smart card is required for
interactive logon" for computers but only for user accounts
Thnx in advance
List info: http://www.activedir.org/mail_list.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
