Access local smart card from RDP session

Martin 1 Reputation point
2022-04-13T08:40:45.873+00:00

We have a Windows PC with a tool chain for software development on a security controller. The SDK comes with a virtual smart card. We would like to work remotely (via RDP) with the virtual smart cards. However, Windows does show the virtual smart card readers only when logged in locally. When we log in via RDP, no smart card readers are shown. How can we configure Windows 10 to allow access to local smart cards when working with a remote session?

I understand that the restrictions Windows applies make sense when authenticating via smart cards. However, we want to develop on smart cards. That's a different use case.


2 answers

  1. Limitless Technology 39,916 Reputation points
    2022-04-20T07:13:36.467+00:00

    Hi there,

    It is not possible. You can't use the locally plugged smartcard of the server you RDP into, as your session is redirected to the client, so only the client's smartcard is accessible in the RDP session.

    Microsoft made it like this for security reasons. Smart Card and Remote Desktop Services: https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services


  2. SongChangran 0 Reputation points
    2025-06-16T09:38:58.36+00:00

    My client insists on using it this way. After some exploration, I finally found a solution.

    The invocation of the smartcard is done through the SCard_XXX methods in Winscard.dll, which implements the following mechanisms:

    1. If the remote service TermService is disabled, it directly calls the local smartcard.
    2. If the program calling Winscard.dll is a Windows service, it directly calls the local smartcard.
    3. Otherwise, it determines that it is a remote call and forwards the invocation to the remote service.

    Therefore, by changing the name of TermService or using a Windows service program, it is possible to achieve the invocation of the local smartcard.

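A way to observe the behaviour discussed in the answers above, as an added example that is not part of the original thread: this PowerShell diagnostic lists the readers that Winscard.dll exposes to the current process, together with the session context. The `ScDiag` namespace and the `Get-VisibleSmartCardReader` function are names chosen for this example; run it once at the console and once over RDP and compare the output.

```powershell
# Added diagnostic (not from the thread): shows which smart card readers
# winscard.dll exposes to the current process, plus the session context.
Add-Type -Namespace ScDiag -Name Native -MemberDefinition @'
[DllImport("winscard.dll")]
public static extern int SCardEstablishContext(uint scope, IntPtr r1, IntPtr r2, out IntPtr ctx);
[DllImport("winscard.dll")]
public static extern int SCardListReadersW(IntPtr ctx, IntPtr groups, [Out] byte[] readers, ref uint cch);
[DllImport("winscard.dll")]
public static extern int SCardReleaseContext(IntPtr ctx);
[DllImport("user32.dll")]
public static extern int GetSystemMetrics(int index);
'@

function Get-VisibleSmartCardReader {
    $ctx = [IntPtr]::Zero
    # Scope 2 = SCARD_SCOPE_SYSTEM
    $rc = [ScDiag.Native]::SCardEstablishContext([uint32]2, [IntPtr]::Zero, [IntPtr]::Zero, [ref]$ctx)
    if ($rc -ne 0) { throw ('SCardEstablishContext failed: 0x{0:X8}' -f $rc) }
    try {
        # First call: ask only for the required buffer length (in characters).
        $cch = [uint32]0
        $rc = [ScDiag.Native]::SCardListReadersW($ctx, [IntPtr]::Zero, $null, [ref]$cch)
        # 0x8010002E = SCARD_E_NO_READERS_AVAILABLE: nothing visible to this session.
        if (('{0:X8}' -f $rc) -eq '8010002E') { return }
        if ($rc -ne 0) { throw ('SCardListReadersW failed: 0x{0:X8}' -f $rc) }

        # Second call: fetch the multi-string (UTF-16, NUL-separated names).
        $buf = New-Object byte[] ([int]$cch * 2)
        $rc = [ScDiag.Native]::SCardListReadersW($ctx, [IntPtr]::Zero, $buf, [ref]$cch)
        if ($rc -ne 0) { throw ('SCardListReadersW failed: 0x{0:X8}' -f $rc) }
        $text = [Text.Encoding]::Unicode.GetString($buf, 0, [int]$cch * 2)
        $text -split "`0" | Where-Object { $_ }
    }
    finally {
        [void][ScDiag.Native]::SCardReleaseContext($ctx)
    }
}

[pscustomobject]@{
    # 0x1000 = SM_REMOTESESSION: non-zero when the process runs in an RDP session.
    RemoteSession = ([ScDiag.Native]::GetSystemMetrics(0x1000) -ne 0)
    SessionName   = $env:SESSIONNAME
    TermService   = (Get-Service -Name TermService).Status
    Readers       = @(Get-VisibleSmartCardReader)
}
```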
