1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Certificate Authentication

Discussion in 'Windows Server' started by BlackVeiledAiel, Feb 26, 2015.

Thread Status:
Not open for further replies.
  1. BlackVeiledAiel

    BlackVeiledAiel Thread Starter

    Joined:
    Feb 26, 2015
    Messages:
    1
    Hi,

    I'm trying to find a way to configure some Windows Servers (2008r2) to allow access to domain users using certificates rather than username & password.

    I have a CA and have issued certificates to my users, I have then mapped the certificates to the user AD accounts but I am at a loss as to how I get the servers to use the certificates to authenticate the users.
    Do I need some 3rd party software? I had assumed this was something the servers could manage on their own..

    Any help or suggestions would be greatly appreciated.
     
  2. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,272
    As far as I know, this is not possible nor desirable. To do what you're asking requires Windows to some how receive the certificate for a user to login at the login prompt. Unless Windows is psychic when I sit at a terminal, that certificate has to be installed the device to be able to send the certificate for domain authentication. Let's take this scenario one step further, someone steals or gains unauthorized access to that PC. Now that person has the access credentials of what ever user the cert was generated for. Obviously this is not a good situation. In addition, how do you allow a different user to login to the domain using that PC? The inability to do this negates one of the advantages of running a Windows domain.

    Certificates are used as an additional factor for authentication and not as a primary means.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1143816

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice