How can I configure Windows, when I am at the Logon Screen I see the option to logon using a SmartCard? How can I associate the SmartCard with a local user account which is not a member of a domain?
I have a laptop (running Windows 7 Pro), SmartCard & SmartCard reader.
Windows normally supports smart cards only for domain accounts. However, there is a third-party library, EIDAuthenticate, which lets you use smart cards with local identities.
First of all not every smart card can be used for Windows 7 logon. You need a smart card that is supported by Windows 7 or that activates support by installing a certain smart card management component.
The second requirement is that your computer is part of a Windows domain (respectively has an Active Directory and a certificate enrollment center) and the account you want to log-on is a domain account. This is because smart card logon relies on Kerberos logon, which is only available within a domain. Some 3rd party software allows smartcard logon without being in a Domain Active Directory but those solutions are proprietary).
In general the smart card have to contain a certificate and the correspondent private key. The certificate contains the user information used for identifying the user. When logging in using a smart card you enter the PIN of the smart card instead of you regular password.
See also:
There seems to be a new option for that - HP ProtectTools Security Manager. It is distributed with new HP business notebooks, so I don't know if it works on any other brands/models. However, in this application, it is possible to control login to Windows using password/fingerprint/smart card/bluetooth device.
I've tested the SmartCard logon on my own machine and it works. However, the program started to accept the SmartCard only after I recorded a Windows File Encryption key onto it (Start->type "file encryption"->Enter).
