Application Note Gemalto Access Client for windows smart card and EFS on Microsoft Windows Vista
Application Note: Gemalto Access Client for Windows smart card and EFS on Microsoft Windows Vista
nicolas.bataille@gemalto.com, hassen.frikha@gemalto.com
November 2007, www.gemalto.com

All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual property protection in connection with such information. Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under any intellectual and/or industrial property rights of or concerning any of Gemalto's information. This document can be used for informational, non-commercial, internal and personal use only provided that: The copyright notice below, the confidentiality and proprietary legend and this full warning notice appear in all copies. This document shall not be posted on any network computer or broadcast in any media and no modification of any part of this document shall be made. Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities. The information contained in this document is provided AS IS without any warranty of any kind. Unless otherwise expressly agreed in writing, Gemalto makes no warranty as to the value or accuracy of information contained herein. The document could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Furthermore, Gemalto reserves the right to make any change or improvement in the specifications data, information, and the like described herein, at any time. Gemalto hereby disclaims all warranties and conditions with regard to the information contained herein, including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement.
In no event shall Gemalto be liable, whether in contract, tort or otherwise, for any indirect, special or consequential damages or any damages whatsoever including but not limited to damages resulting from loss of use, data, profits, revenues, or customers, arising out of or in connection with the use or performance of information contained in this document. Gemalto does not and shall not warrant that this product will be resistant to all possible attacks and shall not incur, and disclaims, any liability in this respect. Even if each product is compliant with current security standards in force on the date of their design, security mechanisms' resistance necessarily evolves according to the state of the art in security and notably under the emergence of new attacks. Under no circumstances, shall Gemalto be held liable for any third party actions and in particular in case of any successful attack against systems or equipment incorporating Gemalto products. Gemalto disclaims any liability with respect to security for direct, indirect, incidental or consequential damages that result from any use of its products. It is further stressed that independent testing and verification by the person using the product is particularly encouraged, especially in any application in which defective, incorrect or insecure functioning could result in damage to persons or property, denial of service or loss of privacy. Copyright 2007 Gemalto N.V. All rights reserved. Gemalto and the Gemalto logo are trademarks and service marks of Gemalto N.V. and/or its subsidiaries and are registered in certain countries. All other trademarks and service marks, whether registered or not in specific countries, are the property of their respective owners. GEMALTO, B.P. 100, 13881 GEMENOS CEDEX, FRANCE. Tel: +33 (0)4.42.36.50.00 Fax: +33 (0)4.42.36.50.90

Table of contents

Table of contents ... 3
List of figures ... 4
Overview ... 5
Infrastructure Configuration ... 6
    Architecture ... 6
    Microsoft Encrypted File System ... 6
    Prerequisite for Gemalto Access Client for Windows Smart card ... 8
Gemalto Access Client for Windows smart card use cases ... 8

List of figures

Figure 1: General Infrastructure ... 6
Figure 2: Encryption File System General Properties ... 7
Figure 3: Encryption File System Cache Properties ... 7
Figure 4: User selection ... 8
Figure 5: Smart card logon ... 8
Figure 6: Advanced attributes ... 9
Figure 7: Options window ... 9
Figure 8: Smart card usage ... 10
Figure 9: User certificate ... 10
Figure 10: PIN verification ... 11
Figure 11: Access denied message box ... 11
Figure 12: Error message on lack of smart card ... 11

Overview

In this document we describe use cases regarding the Microsoft Encrypted File System on Windows Vista and the Gemalto Access Client smart cards.

Caution: This document describes use cases only; consequently, it should not be considered an instruction manual on how to configure your system.

Microsoft
    o Windows Vista
        - You need a computer running Microsoft Vista
        - A user account who has administration rights
    o Encrypted File System
        The Microsoft EFS provides the core file encryption technology to store Windows NT file system (NTFS) files encrypted on disk.
Gemalto
    o We are going to use the Gemalto Access Client 5.3 CR C middleware. This driver allows the use of the Gemalto Access Client for Windows smart card on a computer.

The main steps are:
    - Certificate installation on the Access Client smart card (not explained in this document)
    - Folder creation
    - Folder encryption

Important: We have linked the EFS use case with a smart card logon in order to show the easiness of the solution, but these technologies are not linked. You can perform smart card logon without using EFS, and you can use EFS without smart card logon.

Infrastructure Configuration

Architecture

The general infrastructure needed to accomplish the following tests is the following:
    - Active Directory
    - Microsoft Vista Client on an NTFS partition
    - Certification Authority

Figure 1: General Infrastructure

Microsoft Encrypted File System

First of all, we should remember that in order to have access to the Encrypted File System, the file system type must be Windows NT File System (NTFS). This is decided when installing the operating system.

To activate the EFS using the Gemalto Access Client smart card, proceed as follows:
1. On the Windows Vista Control Panel, select Administrative Tools,
2. Click on Local Security Policy (you have to be a member of the Administrators group),
3. Under Public Key Policies, right click on Encrypting File System and select Properties,
4. Check Allow on File encryption using Encrypting File System (EFS),
5. Check Require a smart card for EFS on the Options panel,
6. Uncheck Allow EFS to generate self-signed certificates when a certification authority is not available,
7. Click on OK.

Please find on the next page the screen shots for the EFS properties.

Figure 2: Encryption File System General Properties

Figure 3: Encryption File System Cache Properties

By checking User locks workstation, you clear the encryption key cache whenever the workstation is locked, so the smart card PIN is required again before the encrypted files can be opened.

Prerequisite for Gemalto Access Client for Windows Smart card

We have already installed a certificate on the Gemalto Access Client smart card.

Note: The certificate is issued to the User_EFS user. The certificate has to have the EFS attribute. Please refer to your CA admin guide in order to create the appropriate certificate template. Because we first use the smart card to log on to the workstation, the certificate also has to have the Smart Card Logon attribute. In this example we have used a Microsoft CA, but any CA compliant with Active Directory technology can be used.

Gemalto Access Client for Windows smart card use cases

After PC start up, press Ctrl-Alt-Del. You might be prompted for the previous user's password. If so, click on the Switch User button. The user selector is displayed. Insert the Gemalto Access Client smart card. The smart card user name is now displayed under the smart card icon. Click on the icon.

Figure 4: User selection

Enter the PIN code assigned to the Gemalto Access Client smart card.

Figure 5: Smart card logon

After logging on to the workstation using the User_EFS smart card, we create a folder in which we create a file named User_EFS. To encrypt the folder and its files, proceed as follows:
1. Right click on the User_EFS folder and then click on Properties,
2. Click on Advanced,
3. Check Encrypt contents to secure data and then click on OK twice,

Figure 6: Advanced attributes

4. Choose Apply changes to this folder, subfolders and files and then click on OK,

Figure 7: Options window

5. Click on Use an existing smart card certificate,

Figure 8: Smart card usage

6. Select the user certificate and then click on OK,

Figure 9: User certificate

7. Enter your PIN code and then click on OK,

Figure 10: PIN verification

8. The User_EFS folder is now encrypted.

The folder is now accessible only to User_EFS, and he has to use his smart card to gain access to the files. If another user logs on to the workstation, he cannot open the User_EFS encrypted file, even a user with administration rights.

Figure 11: Access denied message box

If User_EFS does not have his smart card, he cannot access his encrypted files.

Figure 12: Error message on lack of smart card
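The following PowerShell script is an added example and not part of the Gemalto application note. It checks the prerequisite stated above (a certificate carrying both the EFS and the Smart Card Logon attributes), then performs the folder encryption of steps 1 to 8 from the command line with cipher.exe and verifies that every file ended up with the Encrypted attribute. It assumes a current Windows PowerShell on the Vista client after smart card logon; the folder path and the function names are assumptions.

```powershell
# Added example: verify the EFS smart card certificate, encrypt a folder, check the result.
# Assumes Windows PowerShell and cipher.exe (both ship with Windows); not Gemalto's code.

$EfsEku         = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage OID: Encrypting File System
$SmartCardLogon = '1.3.6.1.4.1.311.20.2.2'   # Enhanced Key Usage OID: Smart Card Logon

# The note requires one certificate with both attributes, because the same card
# is used first for logon and then for EFS. Look it up in the user's personal store
# (after smart card logon the card's certificate is propagated there).
function Get-EfsSmartCardCertificate {
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        if (-not $eku) { return $false }
        $oids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
        ($oids -contains $EfsEku) -and ($oids -contains $SmartCardLogon)
    }
}

# Command-line equivalent of "Encrypt contents to secure data" applied to the folder,
# its subfolders and its files. With "Require a smart card for EFS" set in the policy,
# cipher.exe prompts for the card PIN just as the GUI does in step 7.
function Protect-FolderWithEfs {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path $Path)) { New-Item -ItemType Directory -Path $Path | Out-Null }
    # /e = encrypt, /a = operate on files as well as directories, /s: = whole tree
    & cipher.exe /e /a /s:$Path | Out-Null
    Get-ChildItem -Path $Path -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            File      = $_.FullName
            Encrypted = [bool]($_.Attributes -band [IO.FileAttributes]::Encrypted)
        }
    }
}

$cert = @(Get-EfsSmartCardCertificate)
if ($cert.Count -eq 0) { throw 'No certificate with both EFS and Smart Card Logon EKUs found.' }
"Using certificate: $($cert[0].Subject) ($($cert[0].Thumbprint))"

$folder = Join-Path $env:USERPROFILE 'User_EFS'   # constructed sample path
Protect-FolderWithEfs -Path $folder | Format-Table -AutoSize

# /c lists the certificate thumbprints able to decrypt each file: only User_EFS's
# card certificate should appear, which is why other accounts get "Access is denied".
& cipher.exe /c /s:$folder
```

Any file reported with Encrypted = False was skipped by cipher.exe (for example because it was open at the time) and should be re-run before the folder is treated as protected.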