UniToken Integration Guide Windows XP Client Smart Card Configuration
Configure Windows XP to join your Windows Domain
Please note that the following guide requires the configured computer to be Windows XP Professional to be able to join a Windows domain. From the Start Menu, right-click on [My Computer] select [Properties].
In the "System Properties" window, under the tab "Computer Name", click on [Change]
Below "Member of" in the field "Domain", input the name of your Windows domain to join. In this example, 'secutech' was entered. Click on [OK] to continue.
A pop-up window will appear asking to enter the name and password of the account to join the domain with. Input the corresponding username and the password for the user account and click [OK] to continue.
The confirmation window containing the message [Welcome to (domain name) domain.] will appear when joining the domain was successful.
To apply the new settings, it is necessary to restart the computer.
Install the PKI Package
This section explains how to install the PKI package that can be found inside the UniToken SDK. The End User package can be found inside the folder "Redist/Enduser/". First, ensure the account logged into the computer is the same as the above connected to the Windows domain. Right-click on the PKI package installation file and choose [Run as...].
Execute the file with an account that has administrator rights on the computer.
Click on [Next] in the InstallShield Wizard welcome screen.
Input your User Name and Company Name and click on [Next].
Select [Complete] and click on [Next].
Click on [Install] to begin the installation of the PKI package.
A "Hardware Installation" warning message will appear, asking to confirm installing "UniToken Virtual Reader". Click on [Continue Anyway] to continue the installation.
Verify that the InstallShield Wizard completed successfully and click on [Finish].
Request and Install the Certificate from the CA
Launch your internet browser of your choice and navigate to "https://[address of domain server]/certsr". Input your username and password to log in when requested.
On the "Microsoft Active Directory Certificate Services" main page, under "Select a task", click on [Request a certificate].
Under "Request a certificate", click on [advanced certificate request].
Under "Advanced Certificate Request" on the page, select [Create and submit a request to this CA].
Under the subheading "Key Options" on the "Advanced Certificate Request" page, select [Smartcard User] from the drop-down list for "Certificate Template", and [UniToken PRO CSP v2.0] from the drop-down list for "CSP". Continue with the default settings and click on [Submit] to apply for the certificate.
A "Web Access Confirmation" warning message will appear, asking to confirm the operation. Click on [Yes] to continue.
A window requesting the PIN for the UniToken device will appear. Input the User PIN and click on [OK] to continue.
Click on [Install this certificate] on the "Certificate Issued" page to install the certificate within the token.
Click on [Yes] when the warning message [Do you want to allow the actions performed by this website] appears.
The "Certificate Installed" page will appear when the installation is complete.
Configure Smart Card Logon
In the start menu, click on [Run].
Input "gpedit.msc", without the quotation marks, in "Open" and click [OK].
On the [Group Policy] page, in [Computer Configuration], [Windows Settings], [Security Settings],[Local Policies], [Security Options], right-click on [Interactive Logon: Requires smart card] and select [Properties].
Under the [Local Security Setting] tab, select [Enabled] and click on [OK] to apply.
In the same directory, right-click [Interactive logon: Smart card removal behavior] and select [properties]
Under the [Local Security Setting] tab, select the action to perform when the UniToken device is removed from the computer, then click on [OK] to apply.