Configuring Windows 8 for using Virtual Smart Cards with Lync Server 2013
Topic Last Modified: 2013-07-03
One factor to consider when deploying two-factor authentication and smart card technology is the cost of implementation. Windows 8 provides a number of new security capabilities, and one of the most interesting new features is support for virtual smart cards.
For computers equipped with a Trusted Platform Module (TPM) chip that meets specification version 1.2, organizations can now get the benefits of smart card logon without making any additional investments in hardware. For more information, see Using Virtual Smart Cards with Windows 8 at https://go.microsoft.com/fwlink/p/?LinkId=313365.
To Configure Windows 8 for Virtual Smart Cards
Log in to the Windows 8 computer using the credentials of a Lync-enabled user.
At the Windows 8 Start screen, move your cursor to the bottom right corner of the screen.
Select the Search option, and then search for Command Prompt.
Right click on Command Prompt, and then select Run as Administrator.
Open the Trusted Platform Module (TPM) Management console by running the following command:
From the TPM management console, verify that your TPM specification version is at least 1.2
If you receive a dialog stating that a Compatible Trust Platform Module (TPM) cannot be found, verify that the computer has a compatible TPM module and that it is enabled in the system BIOS.
Close the TPM management console
From the command prompt, create a new virtual smart card using the following command:
TpmVscMgr create /name MyVSC /pin default /adminkey random /generate
To provide a custom PIN value when creating the virtual smart card, use /pin prompt instead.
From the command prompt, open the Computer Management console by running the following command:
In the Computer Management console, select Device Management.
Expand Smart card readers.
Verify that the new virtual smart card reader has been created successfully.