Channel: Group Policy forum

Understanding scenarios where smart card credentials roam to different user profiles


http://social.technet.microsoft.com/wiki/contents/articles/11483.credential-roaming.aspx#Smart_Card_Certificates_Become_Available_in_a_Different_User_Profile

If > 1 user performs an interactive logon to any system that can see into a smart card, then the certificates (though not the private keys) on that smart card will end up in other user(s) profiles. Is my understanding correct here? Also...

  • Is behavior the same when the smart card is protected by a PIN?
  • It seems like the article suggests this behavior: if any user logging into a system that can see into a smart card is configured for credential roaming, all logged on profiles will not only pull the certificates from the smart card into their MY store - but those certificates will also start roaming with those profiles.

These issues seem like a massive roadblock to killing off password-only authentication for my sensitive users. Although it seems like private keys remain protected - if there is no way to eliminate these behaviors - we will rapidly see many certificates from varying users spread across other profiles and roamed all over the place as part of normal workflows.

Is there no way to limit smart card visibility to the user that plugged it in / entered the PIN to unlock it? Are smart cards only read under non-user (aka system) context(s) and that's the whole root of the problem?


born to learn!
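An added example for readers following this question (it is not part of the original post and not the poster's code): a PowerShell inventory that lists certificates in the current user's MY store that have no private key, which is the footprint the post describes when another user's smart card certificates land in a profile, and that reports the state of the Certificate Propagation service (CertPropSvc) on the machine. The registry path and value name under HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp are assumed to be what the "Turn on certificate propagation from smart card" Group Policy setting writes; verify against your own policy results before relying on them.

```powershell
# Added example, not from the original forum post.
# Lists MY-store certificates with no private key (the usual sign of a
# certificate propagated from someone else's smart card) and reports the
# Certificate Propagation service and its policy setting.
# Assumption: the policy path/value below are what the "Turn on certificate
# propagation from smart card" GPO setting writes; treat as unverified here.

function Get-PropagatedCertificateCandidates {
    [CmdletBinding()]
    param(
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )
    Get-ChildItem -Path $StorePath |
        Where-Object { -not $_.HasPrivateKey } |
        ForEach-Object {
            [pscustomobject]@{
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                # Smart Card Logon EKU (1.3.6.1.4.1.311.20.2.2) marks logon certs.
                SmartCardLogonEku = [bool]($_.EnhancedKeyUsageList |
                    Where-Object { $_.ObjectId -eq '1.3.6.1.4.1.311.20.2.2' })
            }
        }
}

function Get-CertPropagationState {
    $svc = Get-Service -Name 'CertPropSvc' -ErrorAction SilentlyContinue
    # Assumed policy location for the certificate propagation GPO setting.
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CertProp'
    $policy = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServiceStatus    = if ($svc) { $svc.Status } else { 'NotInstalled' }
        ServiceStartType = if ($svc) { $svc.StartType } else { $null }
        PolicyConfigured = ($null -ne $policy)
        CertPropEnabled  = if ($policy) { $policy.CertPropEnabled } else { 'NotSet' }
    }
}

# Usage: run in the profile you want to inspect.
Get-CertPropagationState | Format-List
Get-PropagatedCertificateCandidates | Format-Table -AutoSize
```

A certificate without a private key in a user's MY store is harmless for signing or logon on its own, but the inventory shows how far propagation has spread and which entries would travel with the profile if credential roaming is enabled for that user; comparing the service state across machines is a quick way to confirm where propagation is actually switched on.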

