Introductions

Hi All

 

My name is Steve Patrick, or as most folks call me - Spat. MS culture has an interesting quirk where folks stop using your real name and call you by your alias after a while. So - Spat it is.

I work in CPR, or Critical Problem Resolution, which is a group within Support Services. I decided to start a Blog to share some of the interesting things I run across on a daily\weekly basis and I will try to keep it up to date. I may have a different perspective than a lot of Blogs here since the only time I ever get to work with Customers is when things go terribly wrong. I tend to work with Active Directory, Group Policies, DFS, PKI, and some other random components.

So, to kick it off I'll describe a recent experience.

A fairly large unnamed company is moving to a complete smartcard-based authentication environment. They chose to implement the fix noted in https://support.microsoft.com/?kbid=834875 which will allow XP to require a smartcard to log on interactively. Nice idea, and it guarantees the users will use the smartcards you just spent a bundle rolling out.

This article is a result of what we call a DCR - or a design change request. Meaning a code change in the product which is not due to a bug, but is the result of a new design\feature. We don't do this on a regular basis and there needs to be a REALLY good reason in order to approve a DCR since it could have significant impact.

Ok, back to the story... By the time I was aware of the problem it had already been worked by someone else and they knew they had a problem which could not be resolved without a code change. Here is the problem: When you implement this machine policy you will no longer be able to use Remote Assistance - which this company had invested heavily in. When the remote assistance guy would try to connect it would not let him and would pop up a msg:

"Unable to log you on because it is required that you use a smart card to log on, please contact your administrator"

After debugging this and understanding the code around winlogon and the remote assistance area it was decided we would change the code so it noted the remote assistance logon and would allow it to connect. This will be a hotfix released in an upcoming article 893226.

So, there is a little sample of the kind of stuff I work on. In other posts I'll try to post debug info and new\interesting (at least to me) data\stories.

Till next time..

 

Spat