Win NT–Logon Policies Options
Windows NT 4.0
To see these options, click the
Manager, click the
Manual logon for...
This option allows you to decide who, if anyone, can log on to the PC by
The manual logon can only be performed when no one else is logged on
to the PC and the smart card has been removed from the reader at
Default value: Administrators
Potential security impact: High
and entering their usual Windows password.
The PC can be accessed in two ways only: with a correct smart card and
PIN, or with the administrator password.
This setting is recommended since it allows a "back door" entry onto the PC.
A back door entry makes it easy for the administrator to gain access to the
PC (with the administrator password), without needing a valid smart card.
The PC can only be accessed with a correct smart card and PIN.
This setting is recommended for very high security environments. Using this
option ensures that only bearers of a smart card and the correct pin
(administrator included) can gain access to the system.
This option leaves no "back door entry" (see above): access can only be
obtained with a valid smart card.
If you use this option, it is strongly recommended that you have valid, up to
date backup smart cards stored in a safe place, and ready for use.
Any valid Windows user can log on to the PC manually. Essentially, this
means that the user does not need a smart card to get access to the PC.
With this setting, the smart card provides little or no improvement to
This setting is not recommended. It could however be useful during the
4 Managing Security and Smart Cards
Managing Security: Configuration Settings
tab in the Smart Card Security
button then the