锁定智能卡删除会话 [英] Locking session on smart card removal

问题描述

嗨。我正在开发Credential Provider，这意味着允许用户使用智能卡登录到未连接到任何域的工作站（如家庭版）。我已经通过创建完整的GINA替换为XP / 2003做了它，现在我需要Vista解决方案（哦，顺便说一句，新的winlogon架构与旧版本相比非常漂亮）

Hi. I'm developing Credential Provider which is meant to allow users login using smartcards into workstations not connected to any domains (like Home editions). I've done it for XP/2003 by creating full GINA replacement and now I need Vista solution (Oh, btw, new winlogon architecture is so beautiful compared to the old one )

我目前最大的问题是锁定智能卡删除后的工作站。对我来说最好的方法是使用现有的智能卡删除政策（ScPolicySvc）并强制它观看所述阅读器。我知道默认的SmartCardCredentialProvider将某些数据放在注册表中（稍后由ScPolicySvc读取），但我不知道它们究竟在哪里以及它们是如何形成的。

My currently biggest problem is locking workstation after smart card removal. The perfect way to me would be by using already existing Smart Card Removal Policy (ScPolicySvc) and forcing it to watch said reader. I know that default SmartCardCredentialProvider put some data in some place into registry (which is later read by ScPolicySvc), but I don't know where exactly and how are they formated.

我将不胜感激任何帮助。

I would appreciate any help on this.

第二个解决方案将涉及创建相同的服务，但我不知道如何从服务中锁定LockWorkStation（）。是否需要任何假冒或任何其他特殊待遇？我知道ScPolicySvc使用未记录的函数WmsgSendMessage（我相信uMsg = 0x0403），但我自己无法做到。

The second solution would involve creating service doing the same, but I don't know how can i LockWorkStation() from the service. Does it need any impersonating or any other special treatment? I know that ScPolicySvc uses undocumented function WmsgSendMessage (with uMsg=0x0403, I believe), but I wasn't able to do it myself.

提前感谢任何建议。

推荐答案

我讨厌发帖，但我还是没有找到任何解决方案，当我在等待微软的SASLIB时，我非常感谢有关锁定工作站服务和/或使用ScPolicySvc的任何信息。

I hate bumping posts, but I still haven't found any solution, and while I'm waiting for SASLIB from Microsoft, I'd really appreciate any information on locking workstation from service and/or using ScPolicySvc.

提前致谢。

这篇关于锁定智能卡删除会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！