Checklist: Deploying smart cards for logging on to Windows
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Checklist: Deploying smart cards for logging on to Windows
| Step | Reference |
|---|---|
Review concepts about smart cards. |
Smart Card Smart Card Concepts |
Set up certification authorities (CAs) and the certification hierarchy |
|
If you have not already done so, follow the checklist for deploying certification authorities and public key infrastructure (PKI) on an intranet. |
Checklist: Creating a certification hierarchy with an offline root certification authority |
For each domain |
|
Set the security permissions of the Smart Card User, Smart Card Logon, and Enrollment Agent certificate templates to allow smart card users to enroll for certificates. |
Allow subjects to request a certificate that is based on the template |
For each certification authority issuing smart card certificates |
|
Set up the certification authority to issue smart card certificates. |
Prepare a certification authority to issue smart card certificates |
If you did not do so in the previous step, set up a certification authority to issue Enrollment Agent certificates. |
To establish the certificate types that an enterprise certification authority can issue |
Set up a smart card enrollment station |
|
Install a smart card reader. |
|
Get an Enrollment Agent certificate for the persons who will be setting up smart cards for users. |
|
For each smart card user |
|
Set up smart cards. |
|
Install a smart card reader on the smart card user's computer. |
|
Review smart card logon procedure. |