Share via

rdp and smart card

Sergio Marelli 0 Reputation points
2025-04-16T09:36:49.7466667+00:00

hi, I have some PCs in the office with Windows 10, in domain, with smart card reader. If I access locally, in the office, I am presented with the PIN request popup. If I access remotely with RDP and the smartcard is inserted in the PC in the office, the popup does not appear, but I see the management software start regularly

thanks

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Daphne Huynh (WICLOUD CORPORATION) 160 Reputation points Microsoft External Staff Moderator
    2025-07-23T09:51:07.0866667+00:00

    Welcome to the Microsoft Q&A Platform and thank you for posting your question!

    Based on your description, when you access a domain-joined Windows 10 PC locally with a smart card inserted, you are correctly prompted to enter the PIN. However, when accessing the same machine remotely via RDP, while the smart card remains inserted in the local office PC—the PIN prompt does not appear, even though the smart card management software appears to launch successfully.

    This behavior is typically caused by smart card redirection settings in the Remote Desktop session and associated Group Policy configurations.

    I would like to share a few steps that may help resolve the issue you are encountering.

    1. Check RDP Client Settings (mstsc)

    Ensure that smart card redirection is enabled in your RDP client:

    1. Open Remote Desktop Connection (mstsc).
    2. Go to the Local Resources tab.
    3. Click More under “Local devices and resources”.
    4. Make sure Smart cards (and optionally other relevant devices) are checked.
    5. Save and reconnect to the target PC.

    This allows the smart card on the client side (your office PC) to be redirected and accessible in the remote session.

    2. Verify Group Policy Settings

    Smart card redirection can also be affected by Group Policy. On the target machine (the PC you are connecting to), check the following settings via the Group Policy Editor (gpedit.msc):

    Navigate to:

    Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection

    Ensure the following policies are configured as needed:

    • Do not allow smart card device redirection: Set to Disabled (or Not Configured) to allow redirection.
    • Allow RDP redirection of other supported RemoteFX USB devices from this computer: Set to Enabled if you plan to redirect other smart card-related devices.

    After making changes, either run gpupdate /force or reboot the system to apply the policy updates.

    Notes:

    • Ensure the Smart Card service (SCardSvr) is running on both client and host machines.
    • If smart card software is vendor-specific, confirm that it supports remote redirection over RDP.
    • In some cases, trying another RDP client (e.g., the Windows Store Remote Desktop app) may produce different results.

    Please let me know how it goes, I am happy to assist further if needed. Wishing you a successful resolution and a great day!

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.