Home page logo
/

basics logo Security Basics mailing list archives

RE: Strong Authentication For A Windows Logon
From: "Daniel Surdu" <daniels () graycon com>
Date: Tue, 12 Nov 2002 11:40:18 -0600

Yes, SecureID works that way.
You obviously need the ACE Secure ID server to be available to
authenticate the user, and you need to have the ACE Secure ID client
installed on the Laptop.
If all that is in place, if the user does not supply the correct
SecureID token, he/she cannot log on to the workstation.
I have tested the above set-up with ACE Secure ID server/client software
for Windows NT, but I am sure their newer versions that support Win2k
work the same way.

-----Original Message-----
From: Alan Blackwell [mailto:blackwellalan () hotmail com] 
Sent: November 11, 2002 8:10 AM
To: security-basics () securityfocus com
Subject: Strong Authentication For A Windows Logon


Hi,

The engineers where I work need to use a laptop with special 
applications on 
it to help them maintain some plant machinery. This laptop 
will be a Windows 
2000 laptop that will log into the new Active Directory 
enabled Domain that 
is being setup. For various reasons we need very strong 
control of who logs 
onto this laptop and when.

The current idea is to use strong authentication on the 
Windows logon that 
the laptop user will use. The idea is to issue a SecurID token to an 
appropriate senior engineer who needs to authorise any 
changes to the plant 
machinery. By using the token as part of the laptop's windows 
logon we can 
ensure that whichever engineer has the laptop out needs to 
call the senior 
engineer during the logon process. If they don't they can't 
logon as they 
won't have the passcode.

Can anyone answer the following:

Do SecurID tokens work with Windows logons in this way, if so 
how do you set 
it up?

If SecurID tokens don't work in this way are there any other strong 
authentication solutions for Windows that anyone cares to 
recommend? I would 
prefer something similar to the above where a passcode from a 
token is 
required if possible.

Thanks for your help.

Regards

Alan

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]