Hello, and sorry if this question has been already answered. After searching here in the forums, I can't find anything about login in Vista using safecards or cryptocards. Is there any built-in feature supporting this? Any help/guidance/workaround it's welcomed. Thanks in advance

who card are you plaining to use ? are you going to use them in a domain ? or standalone

Hello and thanks for the reply. That's what I would like to know. Do I have to get any specific kind of card? Any standard to be used? At the moment, I'm planning to acquire one with the following characteristics: Technical Features CPU SLE66CX320P ROM 32 Kbytes RAM 256 bytes (+ 700 bytes inner RAM) (+ 1 Kbyte de XRAM) EEPROM 32 Kbytes (SLE66CX320P) Crypto Features Allow the use of 1024 bits keys Generation and verificacionof RSA digital signatures RSA Encryption anddecryption RSA keys generation Triple DES codingand decoding Hash SHA-1 coding 2. May be used standalone? Planning to be used with Vista Ultimate and Windows Home Server (Beta Tester) 3. Which kind of user's certificatehas be stored in the cryptocard? Do I have to get any certificate from Microsoft or any other entity?

Sounds like you mean "smart card". CryptoCard is a specific vendor of a variety of tokens. I have never heard of a "safecard". I'm not a smart card expert, so I don't know the exact ISO standard you'll want the card to conform to - but yes, pretty much a standard smart card is what you need. It cannot be used "standalone". Smart cards can only be used for logon to Windows when the PC is a domain member. I don't believe that Home Server acts as a domain controller. The smart card is generally used for certificate logon to the domain using Kerberos. This is not supported for workstation accounts in the local SAM DB. There are some products out there that combine smart cards with a password stored on the smart card, and that would work in a non-domain environment with a custom Credential Provider, but I don't know which vendors products are Vista ready. Otherwise, you need an x.509 certificate with key usage specified for encryption - I think. Don't quote me on that part. Obviously, the Microsoft CA has templates for certificate logon, but other CAs do as well including RSA, Entrust, and others.

Thanks for the reply. Here's an excerpt of an article pusblished at TechNet: (http://technet.microsoft.com/en-us/windowsvista/aa905073.aspx) Authentication: "Windows Vista continues to have built-in authentication support for passwords and smart cards" Which are those built-in authentication features regarding smart cards?

there are many vendors who provide smartcard tokens, most also provide the server application to manage the smartcards, Most are created using AD and a domain structor, you could use in workgroup mode but most vendors do not support that. You can also go to token like RSA and Ident as other solutions. Vista has the security provider in the os , in xp and 200 there was a GINA, that was replaced and now vista can support 3 party device native ( still need server side application)

Thanks for the reply. So it's clear that, smartcards can't be used in an standaloneVista system. Now let's move towards Windows Server 2003. Do I need any third-party tool inmy server to use smartcards? And, due to Vista Editions constriction, only Ultimate/Bussiness editions can be part of a domain, right? Any help would be very appreciated.

1st bussiness , enterprise or ultmate can be used in a domian. You need 3rd party vendors to support smart cards today may change with longhorn. Many smartcard vendors will give you server software, when you buy the rest of the solution. (Cards, readers etc.)

Well, it seems I'm finding out some light. Reading several articles about Windows 2003 Server and Smart Cards. Thanks for the help.

glad to have helped