Smart Card Authentication


Version 5.5 and above of the NT Utilities software now includes remote Smart Card authentication, which allows the user of the NT Utilities software to authenticate to the remote machine using their Smart Card and PIN from their local machine.


All of the functionality within the NT Utilities software, including installing, removing, starting, or stopping the MRC Client Agent Service on a remote machine is accomplished by asking the Operating System on your local machine to execute standard Microsoft Windows APIs. The ability to perform this task also requires local Administrator rights within the Operating System on the remote machine, and will either be attempted based upon your current O/S logon credentials, and/or your current authentication to this remote machine within the Operating System itself. These APIs also require the Operating System’s installed protocols, basically File & Printer Sharing (i.e. 137-139/445), which also requires File & Printer Sharing to be enabled on the remote machine, as well as the Server Service and NetLogon Service (in Domain environments).


In addition to the above requirements, in Smart Card only environments where UserIDs and Passwords are no longer allowed (based upon policy settings, etc.), you must have the ability to map a network drive (or access shared resources) on these remote machines via your Smart Card (i.e. Net Use X: \\RemoteMachine\Resource /smartcard ). If you cannot access resources on these remote machines using your Smart Card, then you also will not have the ability to use any of the NT Utilities functionality, and you will also not have the ability to install, remove, start, or stop the Mini Remote Client Agent Service on this remote machine using Smart Card authentication within our software either. This is strictly a requirement of Microsoft, not directly of our software.


If your Smart Card environment still allows Legacy Logins (via UserID & Password), then you should still be able to perform these tasks by first authenticating to this remote machine using Administrator credentials. Once you establish this authenticated connection, the O/S & APIs should use that authentication to perform these tasks.