How to use certificates in MS domain logon?
Before using your card/token for domain logon, your computer must first be joined to a particular domain (your company domain, for example). The domain server must also be configured to issue certificates. Many sources on the internet cover configuring Active Directory Certificate Services, so that is not discussed here.
First, join your computer to the domain by following the steps below:
- In your Local Area Network Connection properties, click "Internet Protocol (TCP/IP)" (Figure 1).
Figure 1: Click your TCP/IP settings in your LAN connection.
- In your TCP/IP settings, check "Use the following DNS server addresses" (Figure 2).
Type in the IP address of the DNS server. If you don't know the IP address of your DNS server, contact your Network Administrator.
Figure 2: Type in your DNS address.
- Click OK. After successfully configuring your DNS server address, right-click the "My Computer" icon on your desktop and select "Properties".
- In the "Computer Name" tab, click the "Change" button. A "Computer Name Changes" dialog box will appear (Figure 3).
Figure 3: Computer Name Changes dialog box.
- Select "Domain" in the "Member of" panel. Type in the name of the domain that you are trying to connect to.
- When prompted for a username and password, type in the username and password that have been assigned to you by your Network Administrator.
- You will be prompted to restart your computer after you have successfully entered your username and password.
- Save all your work and restart the computer. After the reboot, you will notice that the welcome screen of your OS is different.
- Just follow the instructions on the welcome screen. If you already have a card/token with a smart card logon certificate stored in it, you can now use it to log in to your computer. If you don't have a smart card with a certificate, then follow this link to request a smart card certificate or contact your network administrator so he/she can request one for you.
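
The same procedure as a script, with a DNS check before the join. This is an added example, not part of the original page; it assumes an elevated Windows PowerShell 5.1 session on Windows 8 / Server 2012 or later, and the domain name, DNS address and adapter name are placeholders.

```powershell
# Added example: scripted form of the GUI steps above.
# All default values are placeholders; replace them with the ones
# given to you by your Network Administrator.
param(
    [string]$DomainName     = 'corp.example.com',  # placeholder domain name
    [string]$DnsServer      = '192.0.2.10',        # placeholder DNS server IP
    [string]$InterfaceAlias = 'Ethernet'           # placeholder adapter name
)
$ErrorActionPreference = 'Stop'

# "Use the following DNS server addresses": point the adapter at the domain DNS.
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DnsServer

# Check before joining: the DNS server must return the domain controller
# locator record. A join attempt fails if this record cannot be resolved.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"
$srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue |
    Where-Object { $_.NameTarget }   # keep only SRV answers
if (-not $srv) {
    throw "No domain controller record ($srvName) from $DnsServer. Check the DNS address and domain name."
}
$srv | Select-Object NameTarget, Port | Format-Table -AutoSize

# Skip the join if the computer is already a member of this domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain -and $cs.Domain -ieq $DomainName) {
    Write-Host "This computer is already a member of $DomainName."
}
else {
    # "Computer Name Changes" dialog: join using the account assigned to you.
    # Get-Credential prompts interactively so no password is stored in the script.
    $cred = Get-Credential -Message "Account allowed to join $DomainName"
    Add-Computer -DomainName $DomainName -Credential $cred
    Write-Host 'Join succeeded. Save all your work, then run Restart-Computer.'
}

# After the reboot, with the card/token inserted, list the certificates the
# card exposes and confirm a smart card logon certificate is present:
#   certutil -scinfo
```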