Tim, Thanks again for helping here. I have one more question based on your answers below -- William Q. Coleman Centrify Corporation
What's happening here is you actually have two smartcard middlewares installed. One is ActivClient, which is a complete CAPI CSP. The other is a PIV smartcard "minidriver" MS released under the Base SmartCard CSP framework. See here:
http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599b ac8184a/sc_minidriver_specs_V5.doc
Win7 will fetch this minidriver from WSUS when it detects a PIV smartcard. Unfortunately this driver isn't completely appropriate for CACs. It'll work, but there are differences between it and ActivClient.
I know that it¹s possible to shut off this ³mini-driver² system and ignore Win7¹s detection mechanism. If do this, remove Actividentity, then I have no real help here? Since I need some middleware to handle the card, otherwise, there are no drivers to handle this problem. If Win7 defaults to the PIV cert, then it will only accept that longer EDI/PI number in AD (which works fine btw). However, to have one sign-on, the Mac needs the shorter CAC EDI/PI number, which also works. I¹m just thinking out loud here, in that one disabling all the available smart-card middleware, you are really still stuck since you have nothing to help windows read the card for authentication, correct?