用MS Active Directory登录Windows域计算机#
下载并安装最新的`OpenSC <https://github.com/OpenSC/OpenSC/wiki>`__。
Use a text editor to add the following settings to
C:\Program Files:\OpenSC Project\OpenSC\opensc.conf
.
# Nitrokey Pro 2, OpenPGP Card, Nitrokey Storage 2
card_atr 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:f5:73:c0:01:60:00:90:00:1c {
type = 9002;
driver = "openpgp";
# name = "Nitrokey Pro 2";
md_read_only = false;
md_supports_X509_enrollment = true;
}
# Nitrokey Pro, OpenPGP Card
card_atr 3B:DA:18:FF:81:B1:FE:75:1F:03:00:31:C5:73:C0:01:40:00:90:00:0C {
type = 9002;
driver = "openpgp";
# name = "Nitrokey Pro";
md_read_only = false;
md_supports_X509_enrollment = true;
}
# Nitrokey HSM 2, SmartCard-HSM
card_atr 3b:de:18:ff:81:91:fe:1f:c3:80:31:81:54:48:53:4d:31:73:80:21:40:81:07:1c {
type = 26000;
driver = "sc-hsm";
# name = "Nitrokey HSM 2";
md_read_only = false;
md_supports_X509_enrollment = true;
}
# Nitrokey HSM, SmartCard-HSM
card_atr 3B:FE:18:00:00:81:31:FE:45:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:FA {
type = 26000;
driver = "sc-hsm";
# name = "Nitrokey HSM";
md_read_only = false;
md_supports_X509_enrollment = true;
}
打开一个命令终端,输入 “regedit”。使用regedit导入`这个文件<https://www.nitrokey.com/sites/default/files/nk-hsm.reg>`__。
现在你可以为你在微软活动目录中管理的用户注册Nitrokeys。你可以使用微软的PKI,gpgsm,或者`Smart Policy <https://www.mysmartlogon.com/products/smart-policy.html>`__。下面的步骤描述了智能策略的用法。
`下载<https://download.mysmartlogon.com/SmartPolicyv2/SmartPolicy%20-%20Stage%203.exe>`__并安装Smart Policy。
选择 “读取智能卡”
选择证书、映射和用户。
通过CRL验证设备状态。
选择一个组策略对象(GPO)。
确认应用该映射。
从现在起,在登录Windows电脑时,你需要连接Nitrokey并输入密码。