- I have CA on the same server (windows 2003) as my second domain server.
- I created certificate for my user
- In Administrative Tools->Active Directory Users and Computers->(My user)->Account tab->Account Options I've checked "Smart card is required for interactive logon" check box
From that moment Windows required me to login using my smart card.
After few days I wanted to disable it.
So again In Administrative Tools->Active Directory Users and Computers->(My user)->Account tab->Account Options I've disabled "Smart card is required for interactive logon" check box
But windows completly ignores this setting. Even this domain server on which I disabled it still requires me to use smart card.
What else should I do to disable smart card logon ?
Aha, found it.
MSKB article 892424 has one important sentence:
So I was unable to logon after disabling the check box because my password was set to some random value instead of my old password.
After resetting it, both password logon and smart card logon works.