Using a smart card to log on to a terminal server

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Using a smart card to log on to a terminal server

Smart cards are the most secure way to log on to a computer that is connected to a network. Because smart cards are tamper-resistant, they offer much stronger security than password-based logons can provide.

Many people choose passwords they can remember easily, which makes password-based logons weak and open to attack. If an unauthorized individual obtains your password, that individual can use your identity to connect to a network. However, to log on to a network by using your smart card, an unauthorized individual would have to obtain both the smart card and your personal identification number (PIN), which is far less likely.

Using a smart card to log on to a terminal server verifies your identity to the terminal server and allows you to access the programs you need to do your work. You can also make the smart card available to the terminal server for the duration of the session, in the same way that you can make your local disk drives available to the terminal server. However, the terminal server cannot access any private information stored on the smart card without your consent.

For information on making a smart card available to a terminal server, see Make a smart card available in a session. The option to enable smart card redirection is not displayed unless a smart card is present and the service is enabled.