Can I use a Smart Card as my Inventory credentials?

4/26/2018 2406 Contributors


To identify why Smart Cards will not work with PDQ Inventory



The short answer is No.  While the PDQ Inventory consoles may be opened and used by users who log in with Smart Cards, Inventory must have a “background service” configured. This background service is simply a Windows service that exists on the console machine and it requires the same level of service authentication as any other Windows service such as SQL and Exchange.  Service accounts require traditional user/password combinations.  It's not possible to run Windows services with smart cards without also negating any security benefit derived from the use of smart cards (e.g. you need to have the smart card plugged into the server(s) 24/7 in order for the services to run).

If possible, you would need to modify your environment to allow service accounts to be excluded from smartcard authentication while still maintaining smartcard authentication for users that would login to the machine locally.

Any “Inventory User” (the credentials used to run scans) must also have the User Rights Assignment policy “Log on as a service” enabled. If this policy is not explicitly granted then PDQ products will make the assignment.  If your organization has policies which strip these assignments out or explicitly places them in the “Deny log on as a service” policy then those policies will need to be modified.


See Also: