UniToken Integration Guide Windows 7 Client Smart Card Configuration

Configure Windows 7 to join your Windows Domain

Please note that the following guide requires the configured computer to be Windows 7 Professional or a higher edition to be able to join a Windows domain.

From the Start Menu, right-click on [My Computer] and select [Properties].

Under the subheading "Computer name, domain, and workgroup settings" near the bottom right of the window, click on [Change settings].

Under the tab "Computer name" in the "System Properties" window, click on [Change].

Below "Member of" in the field "Domain", input the name of your Windows domain to join. In this example, 'secutech' was entered. Click on [OK] to continue.

A pop-up window will appear asking to enter the name and password of the account to join the domain with. Input the corresponding username and the password for the user account and click [OK] to continue.

The confirmation window containing the message [Welcome to (domain name) domain.] will appear when the domain has been joined successfully.

To apply the new settings, it is necessary to restart the computer.

Install the PKI Package

This section explains how to install the PKI package that can be found inside the UniToken SDK. The End User package can be found inside the folder "Redist/Enduser/". First, ensure the account logged into the computer is the same as the one used above to connect to the Windows domain. Right-click on the PKI package installation file and choose [Run as administrator].

Click on [Next] in the InstallShield Wizard welcome screen.

Input your User Name and Company Name and click on [Next].

Select [Complete] and click on [Next].

Click on [Install] to begin the installation of the PKI package.

Verify that the InstallShield Wizard completed successfully and click on [Finish].

Request and Install the Certificate from the CA

Launch Internet Explorer and navigate to "https://[address of domain server]/certsrv".

For example, the URL "https://192.168.1.229/certsrv", without the quotation marks, was entered in this example.

Input your username and password to log in when requested.

On the "Microsoft Active Directory Certificate Services" main page, under "Select a task", click on [Request a certificate].

Under "Request a certificate", click on [advanced certificate request].

Under "Advanced Certificate Request" on the page, select [Create and submit a request to this CA].

A "Web Access Confirmation" warning message will appear, asking to confirm the operation. Click on [Yes] to continue.

Under the subheading "Key Options" on the "Advanced Certificate Request" page, select [Smartcard User] from the drop-down list for "Certificate Template", and [UniToken PRO CSP v2.0] from the drop-down list for "CSP". Continue with the default settings and click on [Submit] to apply for the certificate.

A window requesting the PIN for the UniToken device will appear. Input the User PIN and click on [OK] to continue.

A "Web Access Confirmation" warning message will appear, asking to confirm the operation. Click on [Yes] to continue.

Click on [Install this certificate] on the "Certificate Issued" page to install the certificate within the token.

The "Certificate Installed" page will appear when the installation is complete.

Configure Smart Card Logon

In the Start Menu, type "gpedit.msc", without the quotation marks, in the search field, then right-click on "gpedit" and select [Run as administrator].

On the [Group Policy] page, navigate to [Computer Configuration], [Windows Settings], [Security Settings], [Local Policies], [Security Options], then right-click on [Interactive logon: Require smart card] and select [Properties].

Under the [Local Security Setting] tab, select [Enabled] and click on [OK] to apply.

In the same directory, right-click on [Interactive logon: Smart card removal behavior] and select [Properties].

Under the [Local Security Setting] tab, select the action to perform when the UniToken device is removed from the computer, then click on [OK] to apply.
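To confirm that both smart card logon settings above actually took effect, the following read-only PowerShell check can be run from an elevated prompt. It is an added example, not part of the UniToken SDK or the original guide. The function name Get-SmartCardLogonPolicy is hypothetical, and the registry values (scforceoption, ScRemoveOption) and the service name (SCPolicySvc) are the standard Windows names behind these options, which the guide itself does not mention.

```powershell
# Added example: read-only audit of the two smart card logon policies.
# Reports the effective values, whether set locally or by domain Group Policy.
function Get-SmartCardLogonPolicy {
    $sysKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $wlKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    # "Interactive logon: Require smart card" -> scforceoption (DWORD, 1 = Enabled)
    $force = (Get-ItemProperty -Path $sysKey -Name scforceoption `
                -ErrorAction SilentlyContinue).scforceoption

    # "Interactive logon: Smart card removal behavior" -> ScRemoveOption (string 0..3)
    $remove = (Get-ItemProperty -Path $wlKey -Name ScRemoveOption `
                -ErrorAction SilentlyContinue).ScRemoveOption
    $actions = @{
        '0' = 'No Action'
        '1' = 'Lock Workstation'
        '2' = 'Force Logoff'
        '3' = 'Disconnect if a Remote Desktop Services session'
    }
    $action = $actions["$remove"]          # "$remove" is '' when the value is absent
    if (-not $action) { $action = 'Not configured (No Action)' }

    # Removal actions are only carried out while this service is running.
    $svc = Get-Service -Name SCPolicySvc -ErrorAction SilentlyContinue
    $svcRunning = ($svc -ne $null) -and ($svc.Status -eq 'Running')

    if ($force -ne 1) {
        Write-Warning 'Require smart card is NOT enabled: password logon is still accepted.'
    }
    if (("$remove" -match '^[123]$') -and (-not $svcRunning)) {
        Write-Warning 'Removal behavior is set, but the Smart Card Removal Policy service is not running.'
    }

    New-Object PSObject -Property @{
        RequireSmartCard      = ($force -eq 1)
        RemovalBehavior       = $action
        RemovalServiceRunning = $svcRunning
    }
}

Get-SmartCardLogonPolicy | Format-List
```

If the second warning appears, start the Smart Card Removal Policy service and set it to start automatically; otherwise removing the token will not lock or log off the session.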
