Certificate Authentication

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

BlackVeiledAiel

Thread Starter
Joined
Feb 26, 2015
Messages
1
Hi,

I'm trying to find a way to configure some Windows Servers (2008r2) to allow access to domain users using certificates rather than username & password.

I have a CA and have issued certificates to my users, I have then mapped the certificates to the user AD accounts but I am at a loss as to how I get the servers to use the certificates to authenticate the users.
Do I need some 3rd party software? I had assumed this was something the servers could manage on their own..

Any help or suggestions would be greatly appreciated.
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,649
As far as I know, this is not possible nor desirable. To do what you're asking requires Windows to some how receive the certificate for a user to login at the login prompt. Unless Windows is psychic when I sit at a terminal, that certificate has to be installed the device to be able to send the certificate for domain authentication. Let's take this scenario one step further, someone steals or gains unauthorized access to that PC. Now that person has the access credentials of what ever user the cert was generated for. Obviously this is not a good situation. In addition, how do you allow a different user to login to the domain using that PC? The inability to do this negates one of the advantages of running a Windows domain.

Certificates are used as an additional factor for authentication and not as a primary means.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top