> Date: Thu, 20 Jun 2013 15:04:18 -0600
> From: Terri Shuey <[email protected]>
> To: "[email protected]" <[email protected]>
> Subject: [Pauldotcom] Requiring smart card use in a Windows domain
>
> When testing the 2 different configuration options to require smart card
> use for interactive logins (computer vs user account setting) we found both
> options broke access to other applications that were linked to AD. For
> example corporate mail delivery to iDevices when the user account was
> required to use a smart card. Or RunAs Admin when computer account was set
> to require it.
>
> Since corporate mail delivery to an iDevice is normally considered mission
> critical (heaven forbid if email is down) has anyone found a way to bypass
> or limit either of these account configurations to just normal user
> accounts on specific devices? For example require the computer account to
> use smart card but allow RDP or RunAs for admins without smart card
> required?

See http://militarycac.com - solution is "Middleware" tools. What you describe is widely deployed and solved in DoD.

Also, there are now certificate solutions which implement solution on iThings and Androids. Some are better and more secure (and therefore less convenient) than others. Softcerts look to be where we will wind up.

Good luck....

Herndon Elliott
Madison, Al
https://keyserver.pgp.com key ID: 24B60B6150130832
ΜΟΛΩΝ ΛΑΒΕ "molon labe"

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
