Can I use a Smart Card as my Deploy credentials?

4/26/2018 2950 Contributors


To identify why Smart Cards will not work with PDQ Deploy



The short answer is No.  While the PDQ Deploy consoles may be opened and used by users who log in with Smart Cards, Deploy must have a “background service” configured. This background service is simply a Windows service that exists on the console machine and it requires the same level of service authentication as any other Windows service such as SQL and Exchange.  Service accounts require traditional user/password combinations.  It's not possible to run Windows services with smart cards without also negating any security benefit derived from the use of smart cards (e.g. you need to have the smart card plugged into the server(s) 24/7 in order for the services to run).

If possible, you would need to modify your environment to allow service accounts to be excluded from smartcard authentication while still maintaining smartcard authentication for users that would login to the machine locally.

Any “Deploy User” (the credentials used to run deployments) must also have the User Rights Assignment policy “Log on as a service” enabled. If this policy is not explicitly granted then PDQ products will make the assignment.  If your organization has policies which strip these assignments out or explicitly places them in the “Deny log on as a service” policy then those policies will need to be modified.


See Also: