Hi all,
I'm working on setting my users up with smart card enabled logins tied in with their AD accounts on a Win 2k3 server. The problem I'm running into is that, with the way things are currently setup, some users have a "normal"/underprivileged account for desktop work and such, and then they have another account with elevated privileges that they use when they need to do something requiring more access(admin the DC's).
I'm not sure if it's possible, but what I'm looking for is for a given user to be able to use their smart card to login to their desktops using their underprivileged account, and then use that same card to access their admin level account(like sudo on the Linux side) when the need arises.
If there's any way to do what I'm talking about without restructuring the AD I'm all ears.
Thanks
I'm working on setting my users up with smart card enabled logins tied in with their AD accounts on a Win 2k3 server. The problem I'm running into is that, with the way things are currently setup, some users have a "normal"/underprivileged account for desktop work and such, and then they have another account with elevated privileges that they use when they need to do something requiring more access(admin the DC's).
I'm not sure if it's possible, but what I'm looking for is for a given user to be able to use their smart card to login to their desktops using their underprivileged account, and then use that same card to access their admin level account(like sudo on the Linux side) when the need arises.
If there's any way to do what I'm talking about without restructuring the AD I'm all ears.
Thanks