Thread: IAS and certificates. Is it feasible?
View Single Post
  #4 (permalink)  
Old 2006-11-23
RayPesek RayPesek is offline
Senior Member
  
Join Date: 2006-03-19
Location: Northern Ohio
Posts: 894
Rep Power: 3
RayPesek has an average reputation (10+)
Default Re: IAS and certificates. Is it feasible?
If they can export the certificate or simply copy it, it will be portable between computers.

This code in local.scv will check the name of the domain that the computer is a member of. It can be beat by naming a home computer to the same name as the domain name, though:

: (RegMonitor
:type (plugin)
:parameters (
:string ("SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winl ogon\DefaultDomainName=OURDOMAIN")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Your computer account password is invalid. The Help Desk has been notified.")
:end (admin)
)
)


I don't know of any way to require both a Windows account and certificate to complete a login.

Ray
Last edited by RayPesek; 2006-11-23 at 15:30.
Reply With Quote