Requiring Smart Cards for Interactive Logons
Find out what happens when you select the "Smart Card is required for interactive logon" option in Active Directory.
January 16, 2014
Q: What happens to a user account's password when I select the "Smart Card is required for interactive logon" option in the user's Active Directory account properties?
A: When you select the "Smart Card is required for interactive logon" check box in the Active Directory (AD) user account properties, Windows automatically resets the user's password to a random complex password. In addition, Windows adds the SMARTCARD_REQUIRED flag to the account's UserAccountControl attribute and sets the DONT_EXPIRE_PASSWORD flag on the user account. The latter ensures that the user's password never expires after the "Smart Card is required for interactive logon" option is selected.
When a user logs on to Windows, either locally or remotely using a Remote Desktop session, the Windows client automatically checks for the presence of the SMARTCARD_REQUIRED flag. If the "Smart Card is required for interactive logon" option is set for the user, Windows rejects the logon attempt if it's not made with smart card credentials.
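The flag combination described above can be checked from an export of account attributes. The following Python audit is an added example, not code from the article: the function names, the sample accounts and the 365-day review threshold are assumptions, and it goes one step beyond the text by reading the real `pwdLastSet` attribute to show how long the never-expiring random password has been in place.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits (values from Microsoft's attribute documentation).
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000
SMARTCARD_REQUIRED = 0x40000

# LDAP filter selecting accounts with SMARTCARD_REQUIRED set (bitwise-AND rule).
SMARTCARD_FILTER = "(userAccountControl:1.2.840.113556.1.4.803:=262144)"

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_AGE_DAYS = 365  # assumption: review threshold chosen for this example


def to_filetime(dt):
    """Datetime -> pwdLastSet format (100 ns ticks since 1601-01-01 UTC)."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def from_filetime(ticks):
    """pwdLastSet value -> timezone-aware datetime (second resolution)."""
    return FILETIME_EPOCH + timedelta(seconds=ticks // 10_000_000)


def audit(name, uac, pwd_last_set, now):
    """Return the findings for one account as a list of short strings."""
    findings = []
    if not uac & SMARTCARD_REQUIRED:
        return [f"{name}: SMARTCARD_REQUIRED not set, password logon not blocked"]
    if not uac & DONT_EXPIRE_PASSWORD:
        # Differs from the state the article says the check box produces.
        findings.append(f"{name}: SMARTCARD_REQUIRED without DONT_EXPIRE_PASSWORD")
    age = (now - from_filetime(pwd_last_set)).days
    if age > MAX_AGE_DAYS:
        findings.append(f"{name}: random password unchanged for {age} days")
    return findings


# Constructed sample export: (sAMAccountName, userAccountControl, pwdLastSet).
NOW = datetime(2014, 1, 16, tzinfo=timezone.utc)
ENFORCED = NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD | SMARTCARD_REQUIRED  # 0x50200
SAMPLE = [
    ("alice", ENFORCED, to_filetime(NOW - timedelta(days=30))),
    ("bob", NORMAL_ACCOUNT, to_filetime(NOW - timedelta(days=10))),
    ("carol", ENFORCED, to_filetime(NOW - timedelta(days=800))),
    ("dave", NORMAL_ACCOUNT | SMARTCARD_REQUIRED, to_filetime(NOW - timedelta(days=5))),
]

if __name__ == "__main__":
    for row in SAMPLE:
        for finding in audit(*row, NOW):
            print(finding)
```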