This is a good point I did not consider. What I have managed to do is change the CERT_KEY_PROV_PROP_ID structure for all certs in the current user's store such that the container name is in Type I format and this does seem to work.
At what point though would that process attempt to read the store of the “other user”? Or is it possible that the flow of this process is such that it tries to use the cert directly off the selected card? Which I am guessing is not true since the above test worked.
I don’t suppose there is a way to force Type I container naming to be used?
I am referring to Type I as \\.\[reader name]\[container name]
Thanks,
Nik Twerdochlib
Software Developer
BOMGAR | Enterprise Remote Support™
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@microsoft.com
Sent: Friday, May 25, 2012 4:00 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Smart Card Certs, Run As and Run As Other User
This is probably because when you run as another user, that other user doesn’t have the certificate available in their personal certificate store, therefore it’s not possible to locate the private key.
-Jeff
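
An added example, not code from either poster: one way to build and check a Type I container name and write it back to a certificate's key provider info. It assumes the property meant above is CERT_KEY_PROV_INFO_PROP_ID (a CRYPT_KEY_PROV_INFO whose pwszContainerName holds the name); the helper names are hypothetical, and the Windows-only part compiles only under _WIN32.

```c
#include <stddef.h>
#include <stdlib.h>
#include <wchar.h>

/* 1 if name already has the form \\.\<reader>\<container>, else 0.
   Assumption of this example: neither part contains a backslash. */
int is_type1_name(const wchar_t *name)
{
    if (!name || wcsncmp(name, L"\\\\.\\", 4) != 0) return 0;
    const wchar_t *sep = wcschr(name + 4, L'\\');
    return sep && sep != name + 4 && sep[1] != L'\0' && !wcschr(sep + 1, L'\\');
}

/* Build \\.\<reader>\<container> into out (cch wide chars including NUL).
   Returns 0 on success, -1 on empty or invalid parts or on truncation. */
int make_type1_name(const wchar_t *reader, const wchar_t *container,
                    wchar_t *out, size_t cch)
{
    if (!reader || !container || !*reader || !*container) return -1;
    if (wcschr(reader, L'\\') || wcschr(container, L'\\')) return -1;
    int n = swprintf(out, cch, L"\\\\.\\%ls\\%ls", reader, container);
    return (n < 0 || (size_t)n >= cch) ? -1 : 0;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>

/* Rewrite one certificate's key provider info so the container name is
   Type I for the given reader. Returns 0 on success or if already Type I. */
int set_type1_container(PCCERT_CONTEXT cert, const wchar_t *reader)
{
    DWORD cb = 0;
    wchar_t name[512];
    int rc = -1;
    if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &cb))
        return -1;                       /* no key provider info on this cert */
    CRYPT_KEY_PROV_INFO *kpi = malloc(cb);
    if (!kpi) return -1;
    if (CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, kpi, &cb)) {
        if (is_type1_name(kpi->pwszContainerName)) {
            rc = 0;
        } else if (make_type1_name(reader, kpi->pwszContainerName, name, 512) == 0) {
            kpi->pwszContainerName = name;   /* other fields stay as read */
            rc = CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, kpi) ? 0 : -1;
        }
    }
    free(kpi);
    return rc;
}
#endif
```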