For a DC to be able to service smartcard logons the DC must have a valid and suitable certificate present in the personal store of the computer account. This is typically autoenrolled for whenever a Windows CA server has been installed into the AD environment. The KDC service on W2k8 R2 monitors the...

The way smartcard redirection works is that there is a code snipped in Winscard.dll that is only invoked at the point in time when it loads. If Winscard is being loaded in a Terminal Session - all calls to that specific instance of Winscard are redirected to Winscard.dll on the host initiating...

One of our customers reported the following: We have been evaluating EFS on Windows 7 as part of our upgrade from Windows XP project and have discovered that if you share a folder and encrypt a file within it locally, the same user is able to decrypt it remotely without the workstation being trusted...

Windows Vista and Windows Server 2008 introduced a new service that is dedicated to monitoring the removal of smartcards on the system and handling of the event as defined by the Smartcard Removal Policy service (ScRemoveOption) that is configured for the system. This service (ScPolicySvc) is hosted...

FRS is a multi-master replication system that takes care of replicating the contents of Sysvol between all DC’s in the domain (it can also replicate normal data but we're primarily interested in Sysvol replication in the blog entry). With proper care and maintenance, Post-SP2 FRS on W2k3 is pretty...