Marc, Brian is right about interactive logon. You're right about the password becoming long and complex. What you will have to do is have every user change their password back to something that meets your password policy. This means having every user visit an admin or someone with enough permission to change a user password. They will have to pull up the user account through ADUC and have the user set a new password. This will allow them to view OWA or whatever web application that they used to be able to with the newly set password, at the same time only allowing them interactive logon by smartcard.
Thanks... ... ... ... Sergio J. Olivarez - Contractor GD-NS -----Original Message----- From: Brian Desmond [mailto:[EMAIL PROTECTED] Sent: Friday, February 24, 2006 3:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Smartcard Question No, not true. Interactive logon is when you sit at a computer and press control alt delete and "interactively" log yourself into the computer. Accessing OWA, for example, is not an interactive logon. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Marc A. Mapplebeck > Sent: Friday, February 24, 2006 4:48 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Smartcard Question > > I am looking at hardening security by requiring smartcards for interactive > logons VIA the GPO. However, users also use OWA from home, as well as > access > a few web applications remotely while in the field, these are just using > Integrated Authentication through our ISA server. My question however, > relates back to the GPO setting. I was always under the impression that > when > you enable "Require smartcard for interactive logon" that it effectively > disabled the password on the account(excessively long and complex password > is set). Is this true, and if so, does anybody have a trick to get around > this? - Marc > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/