- Your Equipment Shopping List
- Installing the Enterprise CA
- Forcing Smartcard Logons
Forcing Smartcard Logons
When users have completed the process successfully, consider forcing smartcard logon by modifying the user's account properties to require smartcards for interactive logons. With this technique, you don't have to worry about someone logging onto one of your workstations without a smartcard. To configure this option, open Active Directory Users and Computers and access the user account properties as shown in Figure 11. Select the option Smartcard Is Required for Interactive Logon.
Figure 11 Requiring smartcard logon.
If you require smartcard logon for all your network users, you can scour your domain for any remaining passwords that cannot be replaced. For example, some service accounts (those for Internet Information Server, Exchange Server, backup programs, etc.) still require passwords, so you still need a good password policy to secure those accounts. However, because you can control these passwords, they can be long, complex, and recorded on a piece of paper that's locked in a safe. Further, you can create an extremely stringent account policy to thwart any attempts to crack those passwords.
When you are done, take a few minutes to appreciate all your hard work. You've increased the security of your network and provided solid protection from password-cracking programs.