Can I make remote Windows 7 see Smart Card Reader when connecting via Remote Desktop?

3

0

I have two machines:

  • Machine A is running Windows 7
  • Machine B is running Mac OS X 10.6.4

Machine A has VPN software installed and must connect to the VPN using Smart Card Authentication. The Smart Card is inserted.

I can log on locally to machine A and log on to the VPN. After I am connected, I am able to use Remote Desktop Connection on B to connect to A and do my work as normal.

However, if I connect to A via B BEFORE logging on to the VPN, A says there is no Smart Card reader installed, so I am unable to connect to the VPN.

How can I make machine A stop disabling the Smart Card reader when I connect to the machine via RDP?

Robert S Ciaccio

Posted 2010-09-27T01:11:00.907

Reputation: 1 470

Doesn't rdesktop tunnel the smart card reader of the client to the remote system? Don't know if OS X rdesktop supports smart cards (smart card support in OS X is not the best), maybe you can use a reader attached to machine B to open the VPN connection from A (I would not bet on it though) – martin – 2010-09-27T17:21:24.750

Answers

2

It is not possible. When connecting remotely using RDP, Windows enables some remote smartcard services which disable local smartcards until the RDP client supports smart card redirection (at least for most smart card readers). Windows Remote Desktop for Mac does not support this.

You might be successful using rdesktop which can make use of smartcards. You will find it in all major package managers like homebrew, macports and fink.

I've checked all third-party RDP clients I could find; none supported smart card redirection.

Only possibility: Only connect using VNC or other software - I am using TeamViewer for this purpose. Not sure whether someone else may be connected using RDP at the same time you connect.

Jens Erat

Posted 2010-09-27T01:11:00.907

Reputation: 14 141

0

From Microsoft's Troubleshooting Smart Card Plug and Play Issues:

Remote Desktop connections and smart cards

Smart card Plug and Play works only for local sessions on a computer. The smart card driver must be installed on the local computer before attempting to use smart cards with Remote Desktop connections. The driver can be installed by inserting a Plug and Play–compatible smart card in a smart card reader on the local computer or by manually installing the driver. For information about manually installing drivers, see Manually Install a Smart Card Driver in this guide.

So it seems that computer B must have a Smartcard driver installed in order to use the Smartcard reader on computer A via RDP.

harrymc

Posted 2010-09-27T01:11:00.907

Reputation: 306 093

What is "Smart card Plug and Play"? – Robert S Ciaccio – 2010-10-07T06:22:19.853

This means that users of Windows 7 can use smart cards from vendors who have published their drivers through Windows Update without needing special middleware. These drivers will be downloaded in the same way as drivers for other devices in Windows. If an appropriate driver is not available from Windows Update, a PIV-compliant minidriver that is included with Windows 7 is used for these cards. – harrymc – 2010-10-07T07:28:41.027

As the Smartcard is not directly connected to B, no driver is installed by Plug and Play. – harrymc – 2010-10-07T07:29:47.373

Right, but the driver is already installed on A. I want to prevent the behavior that occurs where Windows decides to pretend that no smart card reader exists on A when I'm connected via remote desktop. I want to avoid this knowledge-base described behavior altogether and get Windows to use the smart card I already have connected to A. – Robert S Ciaccio – 2010-10-07T14:55:16.743

But does it work when the driver is installed on B? (can always uninstall later on) – harrymc – 2010-10-07T18:10:32.237

B is OS X. As far as I know, there is no Dell Smart Card driver for OS X. – Robert S Ciaccio – 2010-10-08T13:56:48.080

It might help to set up the Win7 machine as a Remote Desktop Gateway server. See http://windows.microsoft.com/en-US/windows7/What-is-a-Remote-Desktop-Gateway-server – harrymc – 2010-10-08T16:23:10.183