You need an enterprise certification authority rather than a stand-alone or third-party certification authority to support smart card logon to Windows 2000 domains.
Microsoft supports industry-standard Personal Computer/Smart Card (PC/SC)-compliant smart cards and readers, and the hardware compatibility list (HCL) shows that Windows 2000 provides drivers for commercially available Plug and Play smart card readers. Smart card logon is supported on Windows 2000 Professional, Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Data Center systems.
Microsoft Windows 2000 does not support non-PC/SC-compliant or non-Plug and Play smart card readers. Some manufacturers might provide drivers for non-Plug and Play smart card readers that work with Windows 2000; nevertheless, it is recommended that you purchase only Plug and Play PC/SC-compliant smart card readers that are on the HCL.
Smart cards can be combined with employee card keys and identification badges to support multiple uses per card.
Now, since cost is always a factor, you should know that the overall cost of administering a smart card program depends on several factors, including:
■ The number of users that use the smart card program and where they are located.
■ How you decide to issue smart cards to users. This should include stringent requirements for verifying user identities. For example, will you require users to simply present a valid personal identification card or will you require a background investigation? Your policies affect the level of security provided as well as the actual cost. Depending on your industry, some of these decisions may be made for you, by law.
■ Your practices for users who lose or misplace their smart cards. For example, will you issue temporary smart cards, authorize temporary alternate logon to the network, or make users go home to retrieve their smart cards? Your policies affect how much worker time is lost and how much help desk support is needed.
Your network security deployment plan needs to describe the network logon and authentication methods you use. Include the following information in your security matrix:
■ Identify the network logon and authentication strategies you want to deploy.
■ Describe all the smart card deployment considerations you have identified and the issues with each.
■ Describe the PKI certificate services that are required to support your implementation of smart cards.