Yubico Forum
https://forum.yubico.com/

[QUESTION] Way to lock Windows 10 after key removed?
https://forum.yubico.com/viewtopic.php?f=35&t=2602

Author:  rodrigocarrilho [ Wed Mar 15, 2017 6:28 pm ]
Post subject:  [QUESTION] Way to lock Windows 10 after key removed?

Hey guys,

I just acquired a YubiKey 4 and set it up to work with Windows Hello and also the other Windows tools for added security.

I noticed, however, that it does not lock automatically. Is there a way of doing this?

Thanks in advance!

Rodrigo Carrilho

Author:  NGTmeaty [ Fri Mar 24, 2017 10:42 pm ]
Post subject:  Re: [QUESTION] Way to lock Windows 10 after key removed?

@Tom

This would be awesome
+1

Author:  ChrisHalos [ Sat Mar 25, 2017 4:29 am ]
Post subject:  Re: [QUESTION] Way to lock Windows 10 after key removed?

That would be completely up to Microsoft's evolution of the Compact Device Framework. As you can see from the notes on the how-to, the current functionality is extremely limited and it's not possible to implement this given the current state of CDF. It's not currently possible to log in with the YubiKey using Windows Hello, you can't require the YubiKey to unlock the system, and given that, it wouldn't be possible to lock the system when the YubiKey is removed. Even if it were possible, it would work fine for the YubiKey 4, but not for the YubiKey NEO. If you send an OTP or use U2F, the smart card has to be "ejected" on the NEO (since it uses JavaCard applets) - this would cause the system to lock in this scenario. This same problem is present if you're using the NEO in a domain environment and you set the Group Policy option for locking the system when the smart card is removed.

Author:  nesos [ Sun Sep 10, 2017 10:09 am ]
Post subject:  Re: [QUESTION] Way to lock Windows 10 after key removed?

If you are a programmer, or someone else reads this, a simple idea could be:
- Check every second if the YubiKey is inserted (this is for sure possible because it is listed in Device Manager, but I don't know how).
- If not, lock the PC (SendKeys Win+L, or run "shutdown -h", which hibernates the PC; these should be two simple solutions).
Microsoft could make a better solution, obviously, but this one should be OK.

Author:  techwg [ Sun Sep 24, 2017 9:03 pm ]
Post subject:  Re: [QUESTION] Way to lock Windows 10 after key removed?

Here is some code I got help to write for the AutoIt scripting language. I do not like to use it because I do not understand it. So if the code stopped working I would not know how to fix it. But this checks to see if the YubiKey of a certain serial number is inserted or not. You check every second or two and, if it is not inserted, perform some action like locking the PC or something, and when it is inserted go back into a loop of checking again.

Code:
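; Values the function relies on; the serial number below is a placeholder
Global Const $wbemFlagReturnImmediately = 0x10
Global Const $wbemFlagForwardOnly = 0x20
Global $strComputer = "."   ; local machine
Global $YubikeySerialNumber = "<YOUR_YUBIKEY_SERIAL>"

; Returns True if a keyboard device whose DeviceID contains the serial is present
Func CheckForYubikey($input = "")   ; $input is unused
   Local $object = ObjGet("winmgmts:\\" & $strComputer & "\ROOT\CIMV2")
   If Not IsObj($object) Then Return False
   Local $items = $object.ExecQuery("SELECT DeviceID FROM Win32_Keyboard", "WQL", _
         $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
   If IsObj($items) Then
      For $objItem In $items
         If StringInStr($objItem.DeviceID, $YubikeySerialNumber) Then Return True
      Next
   EndIf
   Return False
EndFunc   ;==>CheckForYubikey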


EDIT: I should add that this no longer works with my new YubiKey. It works for the old one, but I think it no longer is a "keyboard", so this never sees the entry with my new serial number on it. Case in point, I am clueless as to how to tweak that code to make it work with whatever is the new "type" of device Windows sees this as. But this is a proof of concept with the older v2.2.2 firmware devices. It worked flawlessly.
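
The polling idea from the posts above, as an added PowerShell example that is not part of any post in this thread. It goes beyond the Win32_Keyboard check by matching any present USB device with Yubico's vendor ID (1050), so it does not depend on the key enumerating as a keyboard, and it waits out a grace period before locking. Assumptions: any Yubico device counts as "the key" (no serial check), the poll interval and grace period are illustrative values, and a disappearance such as the NEO behaviour described above is shorter than the grace period.

```powershell
# Added example (not from the thread): lock the session when no Yubico USB
# device has been present for $GraceSeconds.
# Assumptions: USB vendor ID 1050 identifies the key; timings are illustrative.
$VidPattern   = 'USB\VID_1050*'   # Yubico USB vendor ID
$PollSeconds  = 2
$GraceSeconds = 6                 # tolerate a short disappearance before locking

function Test-YubiKeyPresent {
    # -PresentOnly skips devices Windows remembers but that are unplugged
    $dev = Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.InstanceId -like $VidPattern }
    return [bool]$dev
}

$armed   = $false   # only lock after the key has been seen at least once
$missing = 0        # seconds the key has been continuously absent

while ($true) {
    if (Test-YubiKeyPresent) {
        $armed   = $true
        $missing = 0
    }
    elseif ($armed) {
        $missing += $PollSeconds
        if ($missing -ge $GraceSeconds) {
            # Locks the interactive session this script is running in
            & rundll32.exe 'user32.dll,LockWorkStation'
            $armed = $false   # re-arm only when the key is seen again
        }
    }
    Start-Sleep -Seconds $PollSeconds
}
```

The script has to run inside the logged-on user's session, since LockWorkStation locks the session of the calling process. Anyone who can stop the script also stops the locking, so it is a convenience on top of the normal lock policy rather than a replacement for it.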

Page 1 of 1 All times are UTC + 1 hour