http://blogs.technet.com/b/instan/archive/2008/12/08/requiring-smart-cards-for-logon-avoiding-the-outage-caused-by-expired-crl-s.aspxLet's say your organization wants to make smartcards mandatory for all users as part of a security push, i.e. implement 'two-factor authentication' ("something you have and something you know"). The concern however is that if revocation checks foren-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/instan/archive/2008/12/08/requiring-smart-cards-for-logon-avoiding-the-outage-caused-by-expired-crl-s.aspx#3557775Mon, 11 Mar 2013 11:33:41 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3557775Ingolfur Arnar Stangeland<p>Setting UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors on W2k8 R2 DC&#39;s should allow you to do that - periodically obtaining the CRL offline from the 3rd party and publishing it via certutil -dspublish would be an alternative also.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3557775" width="1" height="1">http://blogs.technet.com/b/instan/archive/2008/12/08/requiring-smart-cards-for-logon-avoiding-the-outage-caused-by-expired-crl-s.aspx#3553949Wed, 20 Feb 2013 23:35:18 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3553949Jon<p>What about Windows 2008 and Win7? &nbsp;</p> <p>I&#39;d like to disable CRL checking to get a non-internet connected 3rd party CA smartcard to login without the CRL check.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3553949" width="1" height="1">