Can I use a Smart Card as my Deploy credentials?

Last Reviewed 03/02/2021


To identify why Smart Cards will not work with PDQ Deploy



The short answer is No.  While the PDQ Deploy consoles may be opened and used by users who log in with Smart Cards, Deploy must have a “background service” configured. This background service is simply a Windows service that exists on the console machine and it requires the same level of service authentication as any other Windows service such as SQL and Exchange.  Service accounts require traditional user/password combinations.  It's not possible to run Windows services with smart cards without also negating any security benefit derived from the use of smart cards (e.g. you need to have the smart card plugged into the server(s) 24/7 in order for the services to run).

If possible, you would need to modify your environment to allow service accounts to be excluded from smartcard authentication while still maintaining smartcard authentication for users that would log in to the machine locally.

Any “Deploy User” (the credentials used to run deployments) must also have the User Rights Assignment policy “Log on as a service” enabled. If this policy is not explicitly granted then PDQ products will make the assignment.  If your organization has policies that strip these assignments out or explicitly place them in the “Deny log on as a service” policy then those policies will need to be modified.


See Also:

Still have a question or want to share what you have learned? Visit our Community to get help and collaborate with others.