We recently implemented smart card logins for our Domain.
It all works great except for one little oddity. Accounts that have "Smart Card Required for Interactive Logon" checked can't connect to anything, RDP or otherwise, via IP. Using hostnames works fine.
(Throws that classic "a user account restriction is preventing you from logging on" when using IPs)
Especially odd is that the one priviliged account we use where we activated that option, and then disabled it again (so it can do interactive logons without smartcard again) still can't connect to hosts via. IP, only via hostname.
Does changing that setting set a special flag on that account that doesnt get unset after disabling the option? Something regarding NTLM or Kerberos maybe?