Creating a Virtual Smart Card
ActivID CMS provides a PowerShell script, CreateVSC.ps1, which you can run to create the virtual smart card.
If only one virtual smart card is to be used on the computer, you can run the script without additional parameters.
If more than one virtual smart card is to be used on the same computer, you need to call the script with a unique name for each card defined in the parameters -cardName <cardname>.
You must have local administrator privileges to run the script.
You might need to sign the script depending on the execution policy configured in your environment.
Since Microsoft’s SCCM executes commands in a x86 (32-bit) process by default, on x64 computers you need to force the x64 PowerShell to execute by including the full path in the SCCM command as follows:
%windir%\Sysnative\WindowsPowerShell\v1.0\PowerShell.exe -NoProfile -ExecutionPolicy Bypass –file %~dp0CreateVSC.ps1
For more details about this work-around, see Deployment of Powershell Scripts in a 64-bit Environment via SCCM on the Microsoft Technet forum.
Alternatively, you can create the virtual smart card using the TPM virtual smart card manager command-line tool (Tpmvscmgr.exe). To be compatible with ActivID CMS, the virtual smart card should be created with the:
Default Admin Key (/adminkey default parameter).
File system generation (/generate parameter).
For further information, go to
Both procedures create a virtual smart card with a GIDS profile that can be used with a Mini Driver embedded in Microsoft Windows.
The PIN policy is defined by the creation script with the following settings:
Uppercase, lowercase, digits and special characters are allowed
Minimum PIN length – 8
Maximum PIN length – 25
Maximum number of PIN tries – 5
No check for weak PIN
After the virtual smart cards are created, users can self-issue them (that is, load PKI keys and certificates) using the ActivID CMS User Portal. See detailed instructions in the HID ActivID Credential Management System User Portal User Guide.