Jump to content

"Prevent plaintext PINs from being returned by credential manager"

Guest Egil Martinsen

By Guest Egil Martinsen
in Techno Babble

 Share

Recommended Posts

Guest Egil Martinsen

Guest Egil Martinsen

Posted
Posted

Hello,

 

I have three questions regarding the GPO setting "Prevent plaintext PINs

from being returned by credential manager" do? It is found under Computer

Configuration -> .. -> ADMX -> Windows Components -> Smartcard.

 

1. The explanation found in the group policy editor states that: "If you

enable this setting, credential manager does not return a plaintext PIN". The

question is then: To whom will it not return a plaintext PIN? To the LSA? To

the BaseCSP? To a random user asking for it?

 

2. When this setting is enabled, what encryption algorithm is used on the

PIN, and what key is used?

 

3. When this setting is enabled, smartcard login works fine. However,

smartcard enrollment does not work - when enrolling, the following message is

displayed after entering the smartcard PIN the first time in the enrollment

process: "Computer Policy prohibits performing this operation because the

card does not support the required level of security".

The question is: Why does login work with this setting, but not signing?

 

Thank you very much!

  • Replies 0
  • Created
  • Last Reply

Popular Days

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...