Hi All
More smartcard related stuff...
A somewhat common question for those moving to smartcard logons.
How does one determine if the user logged on via smartcard?
The server a user authenticates to will post an event in the Security Event Log:
Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 672
Date: 8/29/2006
Time: 8:37:01 PM
User: NT AUTHORITY\SYSTEM
Computer: 2k3entspat
Description:
Authentication Ticket Request:
    User Name: Administrator
    Supplied Realm Name: SpatsDomain.MSFT
    User ID: SpatsDomain\administrator
    Service Name: krbtgt
    Service ID: SpatsDomain\krbtgt
    Ticket Options: 0x40810010
    Result Code: -
    Ticket Encryption Type: 0x17
    Pre-Authentication Type: 15    --> 15 == pkinit
    Client Address: 192.168.0.100
    Certificate Issuer Name: SpatsDomain Root CA
    Certificate Serial Number: 610A435F00000000001B
    Certificate Thumbprint: BB50F6C4CE3D8E7126932AE605CC834EAC51ED92

The client will also have a user environment variable (viewable via the "set" command) and it should look like:
SMARTCARD=Schlumberger Cyberflex Access e-gate 32K;SNB Login Reader
which is: SMARTCARD=cardType;readerName
Note: If you are testing this via a logon script you *must* have disabled the “run logon scripts synchronously” policy.
NOTE: these may not be 100% accurate 100% of the time. Test, test, test.
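An added example, not part of the original post: Python that parses the description text of an exported event 672, flags ticket requests whose pre-authentication type is 15 (pkinit), and splits the SMARTCARD variable into cardType and readerName. The function names and the password-logon sample are assumptions made for illustration; the first sample is the event shown above, shortened.

```python
import re

PKINIT = 15  # the event on this page annotates pre-authentication type 15 as pkinit
# Field labels as they appear in the event 672 description shown above.
LABELS = ["User Name", "Supplied Realm Name", "User ID", "Service Name", "Service ID",
          "Ticket Options", "Result Code", "Ticket Encryption Type",
          "Pre-Authentication Type", "Client Address", "Certificate Issuer Name",
          "Certificate Serial Number", "Certificate Thumbprint"]
LABEL_RE = re.compile("(" + "|".join(map(re.escape, LABELS)) + r"):")

def parse_672(description):
    """Split a 672 description into fields; works on one-line or multi-line text."""
    hits = list(LABEL_RE.finditer(description))
    fields = {}
    for hit, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(description)
        fields[hit.group(1)] = description[hit.end():end].strip()
    return fields

def is_smartcard_logon(fields):
    """True when the ticket request was pre-authenticated with PKINIT."""
    m = re.match(r"0x[0-9a-fA-F]+|\d+", fields.get("Pre-Authentication Type", ""))
    if not m:
        return False  # field missing or unparsable: do not claim a smartcard logon
    token = m.group(0)
    return (int(token, 16) if token.lower().startswith("0x") else int(token)) == PKINIT

def parse_smartcard_var(value):
    """Split SMARTCARD=cardType;readerName; None if unset or malformed."""
    if not value or ";" not in value:
        return None
    card, reader = (part.strip() for part in value.split(";", 1))
    return {"cardType": card, "readerName": reader}

# Description taken from the event on this page (flattened, certificate ids omitted).
PAGE_EVENT = (r"User Name: Administrator Supplied Realm Name: SpatsDomain.MSFT "
              r"User ID: SpatsDomain\administrator Service Name: krbtgt "
              r"Service ID: SpatsDomain\krbtgt Ticket Options: 0x40810010 "
              r"Result Code: - Ticket Encryption Type: 0x17 "
              r"Pre-Authentication Type: 15 Client Address: 192.168.0.100 "
              r"Certificate Issuer Name: SpatsDomain Root CA")
# Constructed sample (not from the page): password logon, no certificate.
PASSWORD_EVENT = ("User Name: alice\nService Name: krbtgt\n"
                  "Pre-Authentication Type: 2\nCertificate Issuer Name:\n")

if __name__ == "__main__":
    for text in (PAGE_EVENT, PASSWORD_EVENT):
        print(is_smartcard_logon(parse_672(text)), parse_672(text)["User Name"])
```

The event is written on the server that handled the authentication, while the SMARTCARD variable exists only in the client session, so the two checks run in different places.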
spatdsg