Smart Card Authentication Enforced and User has/knows password Scenario

    Question

  • Hi,

    The scenario is:

    We enforced smart card authentication for some users by selecting the "Smart Card is required for interactive logon" checkbox in the account tab of the user properties in AD.

    But as the users are required to authenticate on some non-smartcard-aware applications, the password was reset, enabling the user to use the user/password in those applications after login.

    Problem:

    The users are not able to change their passwords. Example: Ctrl+Alt+Del and change password, they try to change the pass and it doesn't work, returning the error "smartcard logon is required and was not used".

    Question:

    Is there some way to let the users change their passwords?

    Thanks,

    Wednesday, May 16, 2018 10:24 AM

All replies

  • Hi,

    According to my knowledge, unchecking "smart card is required for interactive logon" is the only way to let users change their passwords.

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, May 17, 2018 9:52 AM
  • Hi Carlos,

    To the best of my knowledge, there is no supported or advisable way to do this. Smartcard is Required for Interactive Logon triggers several Active Directory changes. Even if there were one, I would expect that it means low-level interference with Active Directory, which is seriously risky and defeats the SiRIL option even further than resetting the password already does.

    I've seen some suppliers modify the Windows logon process so that their options (like OTP) are added. Perhaps in the same way you could remove the UID/PW option and then forego the SiRIL option altogether. If you don't like what you see, your options range from rolling back the original DLLs to reimaging all your workstations, but that would still be better than getting stuck with a broken AD.

    Kind Regards,

    Friday, May 18, 2018 8:41 AM
  • Hi,

     

    Please remember to mark useful replies as answers, which would be much more efficient for other forum community members to find useful information.

    Best Regards,

    William



    Sunday, May 20, 2018 3:47 AM
  • Hi,

    Then I just have to change the way to enforce the smartcards; I will force smartcard authentication on the workstations instead of the users.

    Thanks for your replies,

    Monday, May 21, 2018 3:24 PM