| trebor 2001-10-01, 8:41 am |
| I was looking in the Windows 2000 Server Resource Kit about when it is appropriate to make separate forests and domains. Then I came across this:
"Logging on using a smart card relies on a user principal name. Default UPNs must be used for a cross-forest logon process that uses smart cards to work."
So using Smart Cards requires a separate password policy, thus requiring a separate domain.
I seemed to remember a scenario one time where smart cards were assigned to an OU which needed extra security.
Where have I gone wrong?
Trebor |