To get started with virtual smart card usage, the first step is to create a virtual smart card (VSC) on the trusted platform module (TPM).
For users with admin rights
If the user has admin rights on the PC or laptop, and not the highest User Account Control (UAC) setting, a virtual smart card is created automatically when it is provisioned, that is, when certificates are issued.
If the above is not met (admin rights and UAC setting), a virtual smart card must be created some other way, normally by the IT department using available Windows tools.
To pre-create virtual smart cards, a script could for example be executed when the user logs in, to set a default admin key and transport PIN. The key and PIN can then be automatically changed during the provisioning process.
If VSC creation is granted (see the previous section), you can create virtual smart cards as if you have admin rights.