Smartcard access on Windows Server - windows-server-2008

How do I access a smartcard that is locally attached to a Windows Server 2008R2 in a self written Windows service that is running on that server?
NB: I can access the same smartcard when I start the service as normal Windows 10 application from the command line.

You did not provide enough information about the problem you are experiencing but changing service identity to LocalService and not using RDP usually helps.

Related

can you map a windows login to an sql server authentication user?

this is for the purpose of cutting an asp.net web application over from using an sql server authentication connection string to using a windows authentication connection string.
See How to: Access SQL Server Using Windows Integrated Security.
If your application runs on a Windows-based intranet, you might be able to use Windows integrated authentication for database access. Integrated security uses the current Windows identity established on the operating system thread to access the SQL Server database. You can then map the Windows identity to a SQL Server database and permissions.
To connect to SQL Server using Windows integrated authentication, you must identify the Windows identity under which your ASP.NET application is running. You must also be sure that the identity has been granted access to the SQL Server database. This topic includes a code example that displays the current Windows identity of the ASP.NET application.
As well as the application of this toward an intranet, you can use it for a public website by setting the Application Pool to run as a custom user that has a Windows logon to the SQL Server.

DirectAccess 2012 R2 connection failing for Win8 with certificates

We're working on an implementation of DirectAccess using Windows Server 2012 R2.
The DA server is a single NIC behind the firewall with TCP/443 forwarded for IPHTTPS.
During the initial testing/setup, we set it up strictly for Windows 8.1 clients, using the username/password (computer account) to authenticate. Everything worked beautifully.
Wanting to extend the testing to Windows 7 clients, we configured DA to use certificates for authentication. We have an internal PKI infrastructure that has worked properly for everything else we've needed it for during the last 2 years.
Windows 7 clients, with the DirectAccess Connectivity Assistant, connect and work beautifully. However, Windows 8.1 clients cannot.
We've checked the certificates and all seems good. Using the DirectAccess Troubleshooter, we see that it connects successfully to the DA IPHTTPS URL, however it can't access any internal resources. We can ping the internal DCE addresses x:y:z::1 & x:y:z::2 that it is my understanding are the DA server inside our network.
Are there any additional tools for troubleshooting this? Can anyone point me in the right direction to determine why only Win8 clients won't connect with certificates?
The initial getting started wizard in DA allows Windows 8 / 8.1 to connect using Kerberos Proxy (no certs). A full blown install using PKI mandates that all clients use certificates. Deploy the Computer certs to the Windows 8 / 8.1 and you will be fine.
Reference - http://technet.microsoft.com/en-gb/windows/dn197886.aspx
How does DirectAccess in Windows 8 and Windows Server 2012 simplify deployment?
In earlier versions of Windows Server, a PKI was required to deploy DirectAccess. DirectAccess used the PKI for server and client certificate-based authentication. Now Windows 8 sends client authentication requests by using a Kerberos proxy service running on the DirectAccess server. The Kerberos proxy service sends requests to domain controllers on behalf of the client. As a result, for simple deployments a PKI is not required to deploy DirectAccess, and IT administrator can use the Getting Started Wizard to configure DirectAccess in a few easy steps. For more complex deployment scenarios, PKI is still required.
It would help if you can present some graphical representations of your problems 'cause every response to your question would only be assumptions.
Troubleshoot as follows:
Check to make sure the windows client is an Enterprise edition
If point 1 above is true, run the 'get-DaConnectionstatus' command on Powershell to see if the client can determine its location, otherwise get a windows enterprise edition.
3.If both point 1 and 2 are true then check to make sure your group policies are well configured. Remember to separate the security groups for windows 7 and windows 8 clients.

How To Query A Remote Index From Windows 8

I have a machine running Windows 2008 Server using the built-in Windows Indexing functionality. I have a separate machine running Windows 8. I need to query the Windows 2008 index from the Windows 8 machine. I used to be able to do this using the MSIDXS provider but this is no longer in option in Windows 8.
Is there a new way to deal with this scenario? My internet searches haven't turned up much.
Windows Store apps use contracts and extensions to enable communications between apps and between an app and Windows. More info on the subject here. I haven't worked with MSIDXS provider, but from what you described, you will not be able to access the data residing on a server directly as you would before.
One option is to expose the index data as a service to your Windows Store app. This is probably not optimized for your case, but it is a general approach to consider when you need to communicate with resources outside of your Windows Store app.

Use WebDav in Sharepoint 2010

I have done some research, based on the problem that my single server gives me when I try to open a document library in windows explorer from the ribbon menu item "Open in Windows Explorer".
The same problem occurs when I try to map sharepoint to a folder in windows explorer too.
The error is:
Your client does not support opening this list with Windows Explorer
From the net, suggestions are:
(Since I'm trying this operation from server itself) enable Desktop Experience
Install the KB907306 update.
Enable IIS webDav service (Some say, it's just for additional functions from the MS Whitepaper)
(Edit) Started webClient service
I've already done them. Nothing changed. Proper machine restart and iis too have done.
Need some serious advice.
Thanks in advance.
Not sure if we are having exactly the same problem BUT I have had similar problem while accessing SP via Windows Explorer in Windows Server 2k8.
What I done to fix it is following:
Install new server feature called Desktop Experience (it comes with WebDAV redirector, which allows you to connect to WebDAV) - Note: Server will need to be restarted.
In Services start WebClient service (go to properties and make sure it starts automatically)
You will now be able to access your sharepoint via entering network path such as \sharepointhost\application\myawesomeapplication\ etc.
Hope that helps.
If you are trying to do this from the server, test it from a server which is not on the SharePoint farm (or better yet, a client machine). Ensure all of your testing is done from machines which are not on the farm.
Do NOT enable the IIS WebDAV service, as SharePoint provides its own WebDAV service and the IIS one overrides it in the pipeline. Enabling this service is a sure path to breaking WebDAV.
If you have SSL enabled, you may be in for a rough time getting it to work. Start by understanding how to use the 'net use' command, and the #SSL suffix.
make sure your webdav is installed as feature
make the following registry fix (http://support.microsoft.com/kb/841215) :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
Add a new DWORD "BasicAuthLevel" and change this to "2"
Restart your machine (and make sure it is enabled in IIS)
Make sure that WebClient windows service is running in the server. This shall appear in client operating systems like Windows 7, windows 8 however, on the server operating systems like Windows Server 2008, it shall be installed by enabling the server feature "Desktop experience" using Server Manager
This issue nearly killed me. I found that I was using a 64 bit version of my browser and that is'nt supported. I changed over to the 32 bit and it works.

Ways of Authentication against a Windows Server in C# for a Client Application

I have windows server 2003 machine as a part of our network. I have created an administrator user on it.
Now this server system has a shared folder.
I am writing a C# application which will copy some files a local system to that shared folder in the windows server 2003 machine.
I have coded the file transfer code, it works fine if I authenticate the client machines using windows explorer to copy file into the shared folder on the server.
However If I don't authenticate using windows explorer my code gives Access Denied Error.
I want C# cope piece which can authenticate my file transfer application without entering the creds on windows explorer each time. The windows server has normal windows authentication.
Please help!!
Edit-
The server does not have an AD, please note that Iam authenticating against an AD, I just want to create an Authenticated windows session to the machine.
You need to use impersonation.
The following KB article has some good information on using impersonation from .NET:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158
A quick Google search turns up the following example (based on the same idea):
http://www.codeproject.com/KB/cs/cpimpersonation1.aspx