YubiKey Minidriver Installation

The YubiKey Minidriver (YKMD) must be installed on all machines where the YubiKey is used as a smart card for access. These include servers to which users remotely connect, as well as the connecting PC. The YubiKey Minidriver can be downloaded directly from the Yubico website at Smart card drivers and tools. Scroll down the page to YubiKey Smart Card Minidriver (Windows).

Note

The YubiKey Minidriver is no longer available through Microsoft Windows Update.

When installing the YubiKey Minidriver, there are two Windows installer options. Download the YubiKey Minidriver installer file appropriate to the method you are using. See YubiKey Smart Card Minidriver (Windows).

MSI installer

Using either the Windows GUI or the command line

We recommend using the MSI installer through the Windows command line for local installations and for remote computers and servers. See Installing on Networked Systems.

If the MSI installers are blocked, use the CAB installation method.

CAB file

For large enterprise deployments, Yubico recommends using the CAB file in conjunction with a Group Policy Object Endpoint Configuration utility. This allows installation onto domain-connected machines. See Installing on Networked Systems.

Yubico recommends using any software management platform already in place to deploy the YubiKey Minidriver to an enterprise environment.

Deploying the YubiKey Minidriver with specific settings, such as legacy_nodes and silent_install, requires an .mst file to enable these options in addition to the GPO.

To download the YubiKey Minidriver:

  1. Go to Smart card drivers and tools.

  2. Scroll down the page to YubiKey Smart Card Minidriver (Windows).

  3. Select the 32-bit or 64-bit installer as appropriate for the environment it is installed on.

    For automated update installations, use the file name latest in your filepath.
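Before the downloaded MSI is pushed to servers and client PCs, it is worth confirming that the file is intact and signed by the expected publisher. The script below is an added example, not Yubico's own tooling: it checks the Authenticode signature, records the SHA-256 hash, and then performs a silent install. It assumes the installer carries an Authenticode signature; the path, the log location and the signer substring "Yubico" are placeholders to replace with values you have confirmed.

```powershell
# Added example: verify a downloaded YubiKey Minidriver MSI, then install it silently.
# Assumptions (not from the page): $MsiPath and $LogPath are placeholders, and the
# expected signer substring should be replaced with the subject you have confirmed.
param(
    [Parameter(Mandatory)] [string] $MsiPath,          # placeholder: path to the downloaded MSI
    [string] $ExpectedSigner = 'Yubico',               # assumed substring of the signer subject
    [string] $LogPath = "$env:TEMP\ykmd-install.log"   # hypothetical log location
)

$ErrorActionPreference = 'Stop'

# 1. Authenticode check: the signature must validate against the local trust store.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)' for $MsiPath; refusing to install."
}

# 2. Publisher check: a valid signature from an unexpected signer is still a failure.
$subject = $sig.SignerCertificate.Subject
if ($subject -notmatch [regex]::Escape($ExpectedSigner)) {
    throw "Unexpected signer '$subject'; refusing to install."
}

# 3. Record the hash so every machine in the rollout can be tied to the same file.
$hash = (Get-FileHash -Path $MsiPath -Algorithm SHA256).Hash
Write-Output "Verified $MsiPath (SHA256 $hash), signed by: $subject"

# 4. Silent install with verbose logging; /norestart leaves reboot timing to the admin.
$msiArgs = @('/i', "`"$MsiPath`"", '/qn', '/norestart', '/l*v', "`"$LogPath`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Output 'Install succeeded.' }
    3010    { Write-Output 'Install succeeded; a reboot is required.' }
    default { throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath" }
}
```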

For information on setting up a Windows Certification Authority for smart card authentication or enabling enroll-on-behalf-of permissions for administrators, see Installing on Standalone Systems.

When using existing keys, the YubiKey Minidriver updates the YubiKey's PIV containers so that Windows can access credentials already present on the YubiKey. This applies to slots containing RSA and ECC keys with corresponding valid certificates, if the keys and certificates are added manually through other tools. This function is blocked if the management key is manually changed using another tool.

Note

We recommend not provisioning credentials on the YubiKey using the Windows certificate enrollment dialogs (enabled by the YubiKey Minidriver) in parallel with other tools such as the YubiKey Manager or Yubico Authenticator. If your environment uses macOS and Linux in conjunction with Windows PCs, use the YubiKey Manager instead of the YubiKey Minidriver and native Windows components. See the YubiKey Manager (ykman) CLI User Guide.