Enrolling Users

Setting up your company's employees to use smart cards involves hardware, software, and administrative considerations. On the hardware side, you need to purchase and install smart card readers for all your users' workstations. Assuming that the readers are Plug-and-Play compatible, the hardware installation process should be fairly simple. Once the necessary hardware is in place, you'll use the Enrollment Station to install Smartcard Logon or User certificates on each user's smart card and to set the initial PINs. Along with these technical issues, you will also need to create and document policies covering the identification a user must present to receive a smart card or to have a forgotten PIN reset. Finally, you'll need to train your users on the new procedure for logging on to a smart card-protected workstation, since the familiar Ctrl + Alt + Del key sequence will no longer be used.

Installing a Smart Card Reader

Most smart card readers are Plug-and-Play compatible under the Windows Server 2003 software family, so their actual installation is relatively straightforward. If you're using a reader that is not Plug-and-Play compatible or has not been tested by Microsoft, you'll need to obtain installation instructions from the card reader's manufacturer. As of this writing, the smart card readers listed in Table 3.1 are supported by Windows XP and Windows Server 2003. The corresponding device drivers will be installed on the workstation or server when the card reader has been detected by the operating system.

Table 3.1 Supported Smart Card Readers Under Windows Server 2003

| Brand | Smart Card Reader | Interface | Device Driver |
|---|---|---|---|
| American Express | GCR435 | USB | Grclass.sys |
| Bull | SmarTLP3 | Serial | Bulltlp3.sys |
| Compaq | Serial reader | Serial | grserial.sys |
| Gemplus | GCR410P | Serial | Grserial.sys |
| Gemplus | GPR400 | PCMCIA | Gpr400.sys |
| Gemplus | GemPC430 | USB | Grclass.sys |
| Hewlett-Packard | ProtectTools | Serial | Scr111.sys |
| Litronic | 220P | Serial | Lit220p.sys |
| Schlumberger | Reflex 20 | PCMCIA | Pscr.sys |
| Schlumberger | Reflex 72 | Serial | Scmstcs.sys |
| Schlumberger | Reflex Lite | Serial | Scr111.sys |
| SCM Microsystems | SCR111 | Serial | Scr111.sys |
| SCM Microsystems | SCR200 | Serial | Scmstcs.sys |
| SCM Microsystems | SCR120 | PCMCIA | Pscr.sys |
| SCM Microsystems | SCR300 | USB | Stcusb.sys |
| Systemneeds | External | Serial | Scr111.sys |
| Omnikey AG | 2010 | Serial | Sccmn50m.sys |
| Omnikey AG | 2020 | USB | Sccmusbm.sys |
| Omnikey AG | 4000 | PCMCIA | Cmbp0wdm.sys |

To install a smart card reader on your computer, simply attach the reader to an available port, either serial or USB, or insert the reader into an available PCMCIA slot on a laptop. If the driver for the reader is preinstalled in Windows Server 2003, the installation will take place automatically. Otherwise, the Add Hardware Wizard will prompt you for the location of the relevant software.

Exam Warning

If a smart card reader is attached to a serial port, it's likely that you'll need to reboot the machine before Windows will detect the device and install the appropriate driver.

Issuing Smart Card Certificates

Once you've established the appropriate security for the certificate templates and installed smart card readers on your users' workstations, you can begin the process of issuing the smart card certificates. The enrollment process must be a controlled procedure. In much the same way that employee access cards are monitored to ensure that unidentified persons do not gain physical access to your facility, smart card certificates need to be monitored to ensure that only authorized users can view network resources. In Exercise 3.05, we use the Web enrollment application to set up a smart card with a logon certificate for one of our users.
