UniToken Integration Guide Windows XP Client Smart Card Configuration

From SecuTech Wiki

Configure Windows XP to join your Windows Domain

Please note that this guide requires the computer being configured to run Windows XP Professional, which is needed to join a Windows domain. From the Start Menu, right-click on [My Computer] and select [Properties].

In the "System Properties" window, under the tab "Computer Name", click on [Change].

Below "Member of" in the field "Domain", input the name of your Windows domain to join. In this example, 'secutech' was entered. Click on [OK] to continue.

A pop-up window will appear asking for the name and password of the account used to join the domain. Input the username and password for that user account and click [OK] to continue.

When the computer has joined the domain successfully, a confirmation window containing the message [Welcome to (domain name) domain.] will appear.

To apply the new settings, it is necessary to restart the computer.

Install the PKI Package

This section explains how to install the PKI package that can be found inside the UniToken SDK. The End User package can be found inside the folder "Redist/Enduser/". First, ensure the account logged into the computer is the same account that was used above to connect to the Windows domain. Right-click on the PKI package installation file and choose [Run as...].

Execute the file with an account that has administrator rights on the computer.

Click on [Next] in the InstallShield Wizard welcome screen.

Input your User Name and Company Name and click on [Next].

Select [Complete] and click on [Next].

Click on [Install] to begin the installation of the PKI package.

A "Hardware Installation" warning message will appear, asking you to confirm the installation of "UniToken Virtual Reader". Click on [Continue Anyway] to continue the installation.

Verify that the InstallShield Wizard completed successfully and click on [Finish].

Request and Install the Certificate from the CA

Launch the internet browser of your choice and navigate to "https://[address of domain server]/certsrv". Input your username and password to log in when requested.

On the "Microsoft Active Directory Certificate Services" main page, under "Select a task", click on [Request a certificate].

Under "Request a certificate", click on [advanced certificate request].

Under "Advanced Certificate Request" on the page, select [Create and submit a request to this CA].

Under the subheading "Key Options" on the "Advanced Certificate Request" page, select [Smartcard User] from the drop-down list for "Certificate Template", and [UniToken PRO CSP v2.0] from the drop-down list for "CSP". Continue with the default settings and click on [Submit] to apply for the certificate.

A "Web Access Confirmation" warning message will appear, asking you to confirm the operation. Click on [Yes] to continue.

A window requesting the PIN for the UniToken device will appear. Input the User PIN and click on [OK] to continue.

Click on [Install this certificate] on the "Certificate Issued" page to install the certificate within the token.

Click on [Yes] when the warning message [Do you want to allow the actions performed by this website] appears.

The "Certificate Installed" page will appear when the installation is complete.

Configure Smart Card Logon

In the Start Menu, click on [Run].

Input "gpedit.msc", without the quotation marks, in "Open" and click [OK].

On the [Group Policy] page, in [Computer Configuration], [Windows Settings], [Security Settings], [Local Policies], [Security Options], right-click on [Interactive logon: Require smart card] and select [Properties].

Under the [Local Security Setting] tab, select [Enabled] and click on [OK] to apply.

In the same directory, right-click [Interactive logon: Smart card removal behavior] and select [Properties].

Under the [Local Security Setting] tab, select the action to perform when the UniToken device is removed from the computer, then click on [OK] to apply.

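To confirm that both settings from this section took effect, the following added example (not part of the original guide or of the UniToken SDK) parses a security template exported with `secedit /export /cfg <file>` and reports the two smart card options. It assumes the policies are stored in the registry values `ScForceOption` and `ScRemoveOption`, which the guide does not show; the sample export is constructed for illustration.

```python
# Registry values behind the two Security Options (compared case-insensitively).
# Assumption: these value names are not shown in the guide itself.
FORCE = r"machine\software\microsoft\windows\currentversion\policies\system\scforceoption"
REMOVE = r"machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption"
REMOVAL_ACTIONS = {"0": "No Action", "1": "Lock Workstation", "2": "Force Logoff"}

# Constructed sample of a secedit export, trimmed to the relevant sections.
SAMPLE_EXPORT = r'''[Unicode]
Unicode=yes
[Registry Values]
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"1"
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,1
[Version]
signature="$CHICAGO$"
Revision=1
'''


def load_export(path):
    """Read an exported template from disk; secedit writes it as UTF-16."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def registry_values(inf_text):
    """Return {lowercased key path: value} from the [Registry Values] section."""
    values, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[registry values]"
        elif in_section and "=" in line:
            key, _, data = line.partition("=")
            # data has the form <registry type>,<value>, e.g. 4,1 or 1,"1"
            _, _, value = data.partition(",")
            values[key.strip().lower()] = value.strip().strip('"')
    return values


def smart_card_policy(inf_text):
    """Report whether smart card logon is required and what token removal does."""
    values = registry_values(inf_text)
    code = values.get(REMOVE, "0")  # an absent value behaves as No Action
    return {
        "require_smart_card": values.get(FORCE) == "1",
        "removal_behavior": REMOVAL_ACTIONS.get(code, f"Unknown ({code})"),
    }


if __name__ == "__main__":
    print(smart_card_policy(SAMPLE_EXPORT))
```

A result with `require_smart_card` set to False, or `removal_behavior` set to "No Action", means password logon is still accepted or the session stays open after the UniToken device is unplugged.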