CAC Pass-Through is the process of using a Common Access Card (CAC) connected to the client device for authentication when logging on to a CAC-required site via a Windows VM. Users can also use the smart card within the session.

To utilize the CAC Pass-Through functionality this feature needs to be enabled at the team level. If you’re a Team Manager and uncertain if CAC Pass-Through has been enabled for your team, please reach out to contact support and we can confirm the status for your team.

Using CAC Pass-Through

If CAC Pass-Through has been enabled for your team, first connect to the desired host by clicking “connect.” Instead of using the default Directly from my Browser option, select the second option for the connection, Using a Remote Desktop Client. Clicking this will give you the option to download a remote desktop file as pictured below.

Click this button to download a RDP file to use for the session.

Note: These files are only good for 60 minutes, so it’s a best practice to download a new file each time you connect.

Once the file is downloaded, click the downloaded remote desktop file to access your CAC Pass-Through session in CONS3RT.

Note: Be aware the local CAC reader/machine can go to sleep and require reinsertion of the CAC.

Note: Microsoft Mac RDP clients can use the RDP session file, however inconsistent results are possible when passing CAC credentials through a given session.

Note: There may be a FIPS error when trying to connect to the USAF Desktop through a Mac client

CONS3RT Supported Systems

For each of the systems listed below, CAC Pass-Through functionality has been validated out of the box, required nothing additional on the client (although certs must be loaded onto the VM for access to DoD sites).

Supported Operating Systems:
USAF Standard Desktop (Windows 10)
Windows 2012 R2
Windows 2016
Windows 2019
Windows 10
Windows 2008 R2

More Help

See this process in action with our video tutorials: