
TPM as a Virtual Smart Card | Wave Systems Corp. 2012
ESC 2.9.5 Client Manual
5.1. Configuration
To configure TPM Virtual Smart card on the client computer to accept certificates:
1. Install ESC 2.9
2. Turn the TPM on and take ownership of it through ESC or ERAS.
3. [Optional but recommended] Open services.msc and stop the “Windows Update” service
4. Copy Install_Virtual_SmartCard_v<x>.<y>.vbs from the ERAS installation media to the ESC client.
5. Open a Windows Command Prompt with Admin rights. This can be done by right clicking the
“Command Prompt” in the start menu and selecting “Run as administrator”.
6. Navigate to the folder containing the .vbs script and run “cscript.exe
Install_Virtual_SmartCard_v<x>.<y>.vbs”
7. Restart the computer
If TPMVSC will be used for Windows logon through Wave Secure Logon, be sure to enable authentication using a password or certificate in Secure Logon.
5.2. Usage
Setting up smart card authentication requires the IT administrator to have a basic understanding of public key infrastructure (PKI) and the Microsoft “Certificate Authority” server role. Requesting a certificate is straightforward and works the same as with a physical smart card: certificates can be requested using the Certificates MMC snap-in or the Microsoft Internet Information Services (IIS) certificate server (certsrv) web-enrollment page in a web browser.
Certificate Template Requirements
1. TPMVSC supports version 1 (Windows Server 2000) and version 2 (Windows Server 2003) certificate templates. TPMVSC does not support version 3 (Windows Server 2008) templates.
2. If a CSP is specified under the “Request Handling” tab of the certificate template, it must be “Microsoft Base Smart Card Crypto Provider”. If no CSP is specified in the template, the user must select it during web enrollment.
3. The “Extensions” tab must include an “Application Policies” extension. When it is highlighted, “Smart Card Logon” must be listed under “Description of Application Policies” below.
4. The certificate cannot be a certified (attested) certificate; that is, it cannot be given a SKAE (Subject Key Attestation Evidence) extension.
Web-Enrollment Requirements:
1. The key size must be either 1024 or 2048 bits.
2. The Smart Card service must be running on the client machine. This can be checked in services.msc. If it is not running, the error code SCARD_E_NO_SERVICE may appear during enrollment.
3. The TPM will be accessible if all of the following requirements are met:
• Powered on
• Enabled
• Activated
• Owned
• Unlocked
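The following PowerShell script is an added example, not part of the Wave manual or the ESC product, that checks the web-enrollment requirements above before requesting a certificate: the Smart Card service (SCardSvr) is running, the TPM is visible, enabled, activated and owned (queried through the Win32_Tpm WMI class), the TPM is not in lockout, and the key size is 1024 or 2048 bits. It then requests the certificate with certreq instead of the MMC or certsrv page, using an INF that pins the CSP required in item 2 of the template requirements. The template name “SmartcardLogon” (Microsoft's default name for the Smart Card Logon template), the output directory, and the use of certreq are assumptions; adjust them for your CA.

```powershell
# Added example (not from the Wave ESC manual): TPMVSC pre-flight checks
# followed by a certreq request that pins the required CSP and key size.
param(
    [string]$TemplateName = 'SmartcardLogon',      # assumption: Microsoft's default template name
    [string]$Subject      = "CN=$env:USERNAME",
    [int]$KeyLength       = 2048,                  # manual: 1024 or 2048 only
    [string]$OutDir       = "$env:TEMP\tpmvsc-enroll"  # assumption: scratch directory
)

$ErrorActionPreference = 'Stop'
$problems = @()

# 1. Smart Card service (SCardSvr). If it is stopped, enrollment fails with
#    SCARD_E_NO_SERVICE; try to start it (needs an elevated prompt).
$scard = Get-Service -Name 'SCardSvr' -ErrorAction SilentlyContinue
if (-not $scard) {
    $problems += 'Smart Card service (SCardSvr) is not installed.'
} elseif ($scard.Status -ne 'Running') {
    try   { Start-Service -Name 'SCardSvr'; Write-Warning 'Started the Smart Card service.' }
    catch { $problems += 'Smart Card service is stopped and could not be started (run elevated).' }
}

# 2. TPM state via the Win32_Tpm WMI class. A $null object means the TPM is
#    absent, powered off, or hidden from Windows; otherwise query each flag.
$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
if (-not $tpm) {
    $problems += 'No TPM visible to Windows (absent, powered off, or disabled in firmware).'
} else {
    if (-not $tpm.IsEnabled().IsEnabled)     { $problems += 'TPM is not enabled.' }
    if (-not $tpm.IsActivated().IsActivated) { $problems += 'TPM is not activated.' }
    if (-not $tpm.IsOwned().IsOwned)         { $problems += 'TPM is not owned (take ownership in ESC or ERAS first).' }
}

# 3. Dictionary-attack lockout. Win32_Tpm does not expose this directly; the
#    Get-Tpm cmdlet (Windows 8 and later) reports it, so use it when present.
if (Get-Command Get-Tpm -ErrorAction SilentlyContinue) {
    if ((Get-Tpm).LockedOut) { $problems += 'TPM is locked out; wait for the lockout to clear before enrolling.' }
}

# 4. Key size: the manual allows only 1024 or 2048 bits.
if ((1024, 2048) -notcontains $KeyLength) {
    $problems += "Key length $KeyLength is not supported; use 1024 or 2048."
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Host "FAIL: $_" -ForegroundColor Red }
    exit 1
}
Write-Host 'Pre-flight checks passed.' -ForegroundColor Green

# 5. Build a certreq INF that forces the CSP the template requires.
#    ProviderType 1 is PROV_RSA_FULL, the type the Microsoft Base Smart Card
#    Crypto Provider registers as; KeySpec 1 (AT_KEYEXCHANGE) gives a key
#    usable for both signing and key exchange.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$inf = Join-Path $OutDir 'tpmvsc.inf'
$req = Join-Path $OutDir 'tpmvsc.req'
$cer = Join-Path $OutDir 'tpmvsc.cer'
@"
[NewRequest]
Subject = "$Subject"
KeyLength = $KeyLength
ProviderName = "Microsoft Base Smart Card Crypto Provider"
ProviderType = 1
KeySpec = 1
RequestType = PKCS10
MachineKeySet = FALSE

[RequestAttributes]
CertificateTemplate = $TemplateName
"@ | Set-Content -Path $inf -Encoding ASCII

# certreq -new generates the key pair through the smart card CSP (which prompts
# for the virtual card's PIN) and writes a PKCS#10 request; -submit sends it to
# the CA (a picker appears if several CAs are reachable); -accept installs the
# issued certificate onto the virtual smart card.
certreq -new $inf $req
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }
certreq -submit $req $cer
if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed with exit code $LASTEXITCODE" }
certreq -accept $cer
```

Run the script from a prompt in the user's own session (the certificate is a user certificate), elevated only if the Smart Card service has to be started. If the template already names the CSP under “Request Handling”, the ProviderName line in the INF must match it exactly or certreq will refuse the request.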