locked
Detecting the mode of logon from a service RRS feed

  • Question

  • Hi,

     Is it possible to know whether a user has logged in through SAS or Smart card login, within a service that listens to the logon notifications?

     

    thanks in advance.

    Friday, June 27, 2008 4:46 PM

All replies

  •  

    [3 posts for the same question...]

    I don't think so. In any case it wouldn't be very reliable (user logs on with SC, locks, unlocks with password. Is it still a SC logon?).

     

    Friday, July 4, 2008 12:56 AM
  • Hi Eric,

    Thanks for the reply.

     

    >> In any case it wouldn't be very reliable (user logs on with SC, locks, unlocks with password. Is it still a SC logon?).

    Yes it would be considered as an SC logon only.

     

    If it is not possible to detect whether the user has logged in through smart card or not from a service, can you suggest alternatives?

     

    Thank you

     

     

     

    Sunday, July 6, 2008 4:27 PM
  • Well, that's your opinion.

    My opinion is that the logom type should be the least secure that's been used to logon/unlock/reconnect.

    I believe most people interested in this type of "authentication strength" would agree.

     

    There's an easy way to be sure. If the user doesn't have a password (SC logon only user), then it's pretty safe!

    Also, I believe there's a logon policy that requires SC logon for all users on a particular machine.

    Otherwise, you have to get involved in the logon operation (GINA or Credential Provider).

     

     

    Tuesday, July 15, 2008 12:29 AM