Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:30 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Wed Mar 15, 2017 6:28 pm 
Offline

Joined: Wed Mar 15, 2017 6:07 pm
Posts: 2
Hey guys,

I just acquired a yubikey 4 and set it up to work with Windows hello and also the other windows tools for added security.

I noticed, however, that it does not lock automatically, is there a way of doing this?

Thanks in advance!

Rodrigo Carrilho


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Fri Mar 24, 2017 10:42 pm 
Offline

Joined: Fri Mar 24, 2017 10:38 pm
Posts: 1
@Tom

This would be awesome
+1


Top
 Profile  
Reply with quote  
PostPosted: Sat Mar 25, 2017 4:29 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
That would be completely up to Microsoft's evolution of the Compact Device Framework. As you can seen from the notes on the how-to, the current functionality is extremely limited and it's not possible to implement this given the current state of CDF. It's not currently possible to login with the YubiKey using Windows Hello, you can't require the YubiKey to unlock the system, and given that it wouldn't be possible to lock the system when the YubiKey is removed. Even if it were possible, it would work fine for the YubiKey 4, but not for the YubiKey NEO. If you send an OTP or use U2F, the smart card has to be "ejected" on the NEO (since is uses javacard applets) - this would cause the system to lock in this scenario. This same problem is present if you're using the NEO in a domain environment and you set the Group Policy option for locking the system when the smart card is removed.


Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 10, 2017 10:09 am 
Offline

Joined: Thu Sep 07, 2017 5:16 pm
Posts: 9
if you are a programmer or someone else read this a simple idea could be:
-check every second if yubikey is inserted (this is for sure possible because is listed in device manager. but i don't know how)
-if not lock the pc (sendkeys win+L or run "shutdown -h" that hibernate the pc. should be two simple solutions)
microsoft could make a better solution obviously but this one should be ok.


Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 24, 2017 9:03 pm 
Offline

Joined: Sun Sep 24, 2017 3:10 pm
Posts: 11
Here is some code I got help to write for the AutoIt scripting language. I do not like to use it because I do not understand it. So if the code stopped working I would not know how to fix it. But this checks to see if the yubikey of a certain serial number is inserted or not. You check every second or two and if it is not inserted perform some action like locking the PC or something and when it is inserted go back into a loop of checking again.

Code:
Func CheckForYubikey($input)
   $Output = ""
   $object = ObjGet("winmgmts:\\" & $strComputer & "\ROOT\CIMV2")
   $items = $object.ExecQuery("SELECT DeviceID FROM Win32_Keyboard", "WQL", _
         $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
   If IsObj($items) Then
      For $objItem In $items
         If StringInStr($objItem.DeviceID, $YubikeySerialNumber) Then Return True
      Next
   Else
      Return False
   EndIf
   Return False
EndFunc   ;==>CheckForYubikey


EDIT, I should add this no longer works with my new Yubikey. It works for the old one but I think it no longer is a "keyboard" so this never sees the entry with my new serial number on it. Case in point, I am clueless as to how to tweak that code to make it work with what ever is the new "type" of device windows sees this as. But this is a proof of concept with the older v2.2.2 firmware devices. It worked flawlessly.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group