Windows Server 2008: Mapping one Smartcard Certificate to multiple accounts

Smart Card Authentication Changes adds the ability to allow users to’ve one smart card, one certificate on that smart card, and map to multiple users. This one certificate’ll allow them to authenticate both to a user account and to an account with special privileges (like an administrator). Why would they want to do this, you ask? They […]

Smart Card Authentication Changes adds the ability to allow users to’ve one smart card, one certificate on that smart card, and map to multiple users. This one certificate’ll allow them to authenticate both to a user account and to an account with special privileges (like an administrator). Why would they want to do this, you ask? They do not want to give administrator permissions to the user accounts but still need to be able to track who made the changes. This will effectively reduce the number of administrator accounts on the machine or environment. However, this comes with a cost to administrative overhead. To set this up correctly, some steps must be done manually by an administrator that has access to the Active Directory Users and Computers Snap-in. Also Windows Server 2008 DCs are required for the smartcard authentication. Smart card logon authentication requirements for Windows Server 2003 DCs have a strict User Principal Name (UPN) requirement.

Full ArticleDS team blog

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.