I have a VM running Windows Server 2019 Datacenter Core, which is running a Jenkins build agent as a noninteractive service with its own local user account (. To have at least a semblance of security, I want to use a virtual smartcard that is based on crypto operations on the host, so an attacker who is interested in copying key material would need to break out of the VM.

I have configured a virtual USB CCID reader with a card permanently inserted, and it shows up in Windows:

PS> Get-PnpDevice
Error SmartCardReader Microsoft Usbccid Smartcard Reader (WUDF) USB\VID_08E6.

First, the Error state is concerning. I have applied this fix, which seems to have improved things a bit (the card shows up OK right after boot), but that doesn't seem permanent.

The problem where I'm truly stuck however is the security model for smartcard access. Most documentation I could find concerns using the smartcard for logon, for which the policy is simple: the logon UI has access to the card to verify credentials, then passes on this access to the user session. In my case however, I have a noninteractive logon that isn't associated with a desktop.

When I manually start the SCardSvr and ScDeviceEnum services, I cannot access the card even as Administrator when logged in via SSH:

The Microsoft Smart Card Resource Manager is not running.

Which makes sense, and from the local console, as Administrator, I get

PS> certutil -scinfo
SCardAccessStartedEvent: Service is in an unknown state.
CertUtil: -SCInfo command FAILED: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)