4 Managing Security and Smart Cards
Managing Smart Cards
Using Smart Cards under Windows NT and Windows 2000
Windows NT 4.0
Each authorized user should have their own smart card. When
preparing a smart card, you assign a person's name (or identifier) and a
PIN number to the smart card.
By using their smart card, the user should be able to access any system
resources they need. To allow this, you add user accounts to the user's
smart card. Each account must have its own valid username, password
and domain name. You can add several accounts to the same smart
card, allowing the user access to several different systems. The user
needs only to remember their smart card's PIN, rather than the
password for each authorized system.
To be accessible by this means, each PC must also have a smart card
reader and the ProtectTools 2000 software installed.
You can add and remove accounts from the users' smart cards as
Once you have created a smart card and it is ready for use, it is strongly
recommended that you create a recovery (backup) file of the smart
card. The recovery file can be used to recreate the smart card if the
original is lost or stolen. You do this by restoring the recovery file
contents onto a new smart card.
Also, before giving the user their smart card, it is strongly
recommended you create a duplicate smart card for backup purposes.
Two blank smart cards are provided with ProtectTools 2000 for this
If you or the user modifies any account information on the smart card,
you should immediately create a new recovery file and store it in a safe
If you keep a backup smart card, you must also update the information
on the backup smart card (by restoring the new recovery file onto the
backup smart card).