"Prevent plaintext PINs from being returned by credential manager"

03-30-2009

Hello,

I have three questions regarding the GPO setting "Prevent plaintext PINs
from being returned by credential manager" do? It is found under Computer
Configuration -> .. -> ADMX -> Windows Components -> Smartcard.

1. The explanation found in the group policy editor states that: "If you
enable this setting, credential manager does not return a plaintext PIN". The
question is then: To whom will it not return a plaintext PIN? To the LSA? To
the BaseCSP? To a random user asking for it?

2. When this setting is enabled, what encryption algorithm is used on the
PIN, and what key is used?

3. When this setting is enabled, smartcard login works fine. However,
smartcard enrollment does not work - when enrolling, the following message is
displayed after entering the smartcard PIN the first time in the enrollment
process: "Computer Policy prohibits performing this operation because the
card does not support the required level of security".
The question is: Why does login work with this setting, but not signing?

Thank you very much!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Problems with the "Require trusted path for credential entry" setting	rrm	Windows Vista Security	3	09-19-2008 12:22 PM
How to change "require trusted path for credential entry"	chenoa	Windows Vista Administration	0	01-25-2008 12:05 PM
Problem setting WinCE RAS server user credential directly from "hashed" password	Yvan M.	Windows Vista Drivers	0	01-04-2005 02:59 PM
Media Player "Pins"	techwannaknow	Windows Media Player	0	06-01-2004 11:34 PM
Windows cant play because the "pins" are connected??	PEte	Windows Media Player	1	04-29-2004 01:27 AM