Using Server USB SmartCard reader - windows

i'm running a Terminal Server (Windows Server 2012 R2)
And have a big problem accessing smart cards (in my setting German "Gesundheitskarten") on our Terminal Server in RDP Sessions. These cards are not used to provide login to a program, but to transmit data like Insurance Number, Street, Postal Code etc... to our Database.
The Problem is, that the Smart Card reader (https://www.identiv.com/products/smart-card-readers/contact-smart-card-readers/utrust-2700-r-contact-smart-card-reader) which is attached to the Server (via USB) is showing in the device manager but not accessible in an RDP Session. The manufacturers test programm says that the Smart Card Ressource Manager is NOT Running (which isn't true) which indicates the the device is not accessible.
When i logon directly on the server (without RDP) the reader works fine. (Logged in as Admin or User)
I would try to connect the reader to the client device, but there a numerous reasons against it. Just to name a few: We have all sorts of clients (Mac/Android/iOs/Windows) who need access to the reader when they are near our front desk. Mobile Devices and Macs do not support SmartCard redirection. Also the Application which reads the Cards is unknown to support the redirection setup.
(Just for clarification, i don't want to give our users direct physical access to the Server - they use the app via RDP or mainly via Remote Resources)
Is there any way to map/bind the USB Smart Card Reader to a user also in an RDP Session which is connected to the Server? Is there any group policy setting i forgot?

You have to crack WinSCard.dll and SCardSvr.dll.
Refer to this page: http://lifayk.blogspot.co.uk/2012/07/windows-smart-card-subsystem-and-remote.html
I had tested the method and it works on Windows 2012 R2 Standard and Dataceneter.

Related

How is the tsclient share created (in terms of Windows API)?

Using the Windows RDP Client (mstsc.exe), I can share local resources with the host I'm connecting to.
For example if I share C:\, I can use it in the RDP session in \\tsclient\c.
What Windows API does the server side use to create the \\tsclient share?
(I'm not referring to the Virtual Channels within the RDP session, rather the Windows API calls for registering \\tsclient itself).
I'd like to create a virtual file system using the same approach, as an alternative to using a third party VFS driver such as Dokan or WinFsp.

Thingworx client for windows 10

I want to gather some information from a windows 10 machine over the internet using the thingworx platform.
Here's a scenario:
Admin logs into thingworx app
Exisiting or new computer (windows 10 ) is added (serial number computer)
Thingworx platform creates a thing based on a created template
User receives application key which will be entered on a client which is installed on the computer
Client is started based on event and sends data to thingworx platform
Communication is secured
Is there a best practice or even a client available / open source or Licence based which relieves the headache of security etc.?
Yes, alwaysOn is used mostly as web socket protocol for communication between devices & ThingWorx platform. Apart from these one case also use MQTT.
If you want to use for Demo/Academic Purpose then use Thingworx Academic Simulator. I have been using it for Testing many scenarios.
Download Link - http://apps.ptc.com/schools/software/ThingWorxAcademicSimulatorSetup.exe

Why is remote SmartCard not found when using RDP

I'm using Windows Server 2008 R2 which runs a VB6.0 application that uses a smartcard locally.
I then connect to this machine remotely using Remote Desktop Connection (6.3). However now the application shows the following error (SmartCard):
0x8010001d The Smart card resource manager is not running.
Research so far:
I don't want to use redirection as the card is on the remote machine already.
Using RDP the way I am trying to use it for is wrong and tightVNC is more appropriate (This does fix the issue)
Unsure - SCardEstablishContext API is returning that error because it gets an Access Denied error when trying to open an event called "Global\Microsoft Smart Card Resource Manager Started" with OpenEvent API. The default security for that event on Vista and Windows 7 specifies that only SYSTEM, LOCAL SERVICE and INTERACTIVE users have access to it. NETWORK SERVICE or non-interactive users won’t be able to access the event.
Why is the SmartCard not being recognised?
Any Information would be appreciated.
NOTE: The smartcard works fine when the application is on Windows Server 2008 R2 - however only fails when connecting remotely.
It is not possible, you can't use the locally plugged smartcard of the server you RDP into, as your session is redirected to the client then only the clients smartcard is accessible in the rdp session.
Microsoft made it like this for security reasons.
But there is a turn around, like sharing the device (smartcard reader, Usb token, Usb devices ) using software or hardware :
softawre examples (i only found paid solutions), see link
or hardware using a Device server but it doesn't work through WAN only LAN.
Use VNC instead of RDP
TLDR: Use VNC as a Windows Service
If you insist on using RPD, then you'll have to patch your RDP DLLs. If you don't want to do this, then instead use ANY OTHER PROTOCOL other than RDP. If it's a vmware VM, then just use the vcenter console. If it's an Azure VM where you don't GET a console, then just install VNC-server-softer on the server that has the Smart Cards and then access from somewhere else via VNC-client. "TightVNC" (https://community.chocolatey.org/packages/tightvnc) worked nicely for me.
There are two ways to run TightVNC server:
TightVNC Server (Service Mode) -- Connecting with VNC-client will take you to the Windows logon screen.
TightVNC Server (Application Mode)
You will need to run TightVNC as a Windows Service. Then you will start a NEW session. Otherwise you'll just be on top of the existing RDP session and still not see remote Smart Cards.
Long Version
If you RDP into a remote server, then that remote server's Smart Cards will be hidden. That behavior is baked into RDP and it is BY DESIGN.
You can optionally take your LOCAL Smart Cards along into the RDP session. (Via mstsc.exe's "Local Resources" tab and then checking "Smart cards".) But these are the Smart Cards connected LOCALLY to your laptop. And NOT the Smart Cards connected to the remote server.
So if you use RDP, then you have option to either see no Smart Cards at all (neither local, nor remote) or just see your LOCAL Smart Cards. To see the REMOTE Smart Cards is NOT possible via RDP.
This is by design inside RDP. And if you want to change it, then you have to manually patch some .DLL files. And somebody has actually done this. See this question here:
How to Access Remote USB Smartcard during RDP
Before you create your Remote Desktop session, click on "Show options". Under the "Local Resources" tab there is a "Local devices and resources" panel. Click the "More" button.
Click on "Smart Cards". No complete the remote desktop session.

Windows Store App, VPN, RAS Api

Our windows store app allows user to manage (create or dial) VPN profiles.
For this functionality we use
RAS Api (create and dial VPN profile)
RAS Api
Wlan Api (listen to wifi networks) - will be changed to classes with Windows.Networking.Connectivity in windows8
Wlan Api
We face following troubles for Windows Store application:
RAS API functions don't work properly under windows store application template (as example RasEnumDevices return error code 5 - Access Denied).
However it works good from desktop application launched on windows 8.
Question: how we could get RAS API to work under window store applications? If that is absolutely impossible - is there any other way to create VPN connection in app developed for Windows Store?
All user's VPN profiles stored by Windows OS in "..\Microsoft\Network\Connections\Pbk\rasphone.pbk", file could be found on file system manually, but we don't have access to this file via API, either we can't access it directrly. Current workarround uses own created PBK file located in users profile folder.
Question: how we could get access to system VPN connections stored in OS.
Thanks.
Hotspot Shield VPN for Windows offers private browsing to ensure the privacy of your web session.
Check it out here: http://www.anchorfree.com/hotspot-shield-VPN-download-windows.php

Detect name of computer that a WP7 is connected to via the USB cable

From this question I know it is possible to send data from a WP7 to the computer is connected via WCF service. I have a solution set up to this and it works quite well. The only problem is I must either hard code the name of the host computer or allow the user to configure it on the device themselves.
I would prefer to have this happen automatically, so is there a way to detect the name of the computer that the WP7 is connected to.
No, there is no way to query information about the host machine from within your app.
There would be a large potential security hole if an app could query information about the PC it was connected to.

Resources