Question
Friday, January 25, 2019 11:23 PM
I have a strange situation. We deploy new machines and the smart card GPO is in place, the service starts and everything works quite well.
Once we start the updates, the card will randomly stop working when removed, meaning it will no longer lock the workstation. The behavior is random; we do not know what causes it, or which update, if any, is the culprit.
All replies (6)
Saturday, January 26, 2019 12:15 AM
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
Interactive logon: Smart card removal behavior
Make sure the Lock Workstation in the Properties dialog box for this policy is selected.
You may also use any related third-party tool.
You may track this behavior with Process Monitor.
S.Sengupta, Microsoft MVP Windows and Devices for IT, Windows Insider MVP
Saturday, January 26, 2019 1:20 AM
Known issue, dude: https://www.theexperienceblog.com/2016/04/14/smart-card-removal-does-not-lock-the-machine-in-windows-10-nor-previous-windows-versions/
We have the same exact problem.
-- Adam
Monday, January 28, 2019 5:27 AM | 1 vote
Hi,
It's recommended to install the latest updates to avoid some known issues: run check for updates and install them.
You could also have a look at Interactive logon: Smart card removal behavior.
Please check the setting of Interactive logon: Smart card removal behavior to Lock Workstation:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Best regards,
Yilia
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Tuesday, January 29, 2019 1:46 PM
Updates have nothing to do with it, since it has been reported as early as 2016. Make sure there are no conflicting controlling GPOs or conflicting OU memberships applied to the computer you are having issues with. Make sure that the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\policies\System\ScForceOption=1 exists.
You can compare GPOs using the Policy Analyzer.
-- Adam
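
A read-only check of the settings mentioned in the replies above, as an added example that is not from any poster in this thread. It assumes the standard Windows locations: the ScRemoveOption value under Winlogon (which backs the "Interactive logon: Smart card removal behavior" policy) and the Smart Card Removal Policy service, SCPolicySvc; the report path is a placeholder.

```powershell
# Added example: reads state only, changes nothing. Run elevated on an affected machine.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$system   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$report   = "$env:TEMP\gpresult-smartcard.html"   # placeholder output path

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null instead of throwing when the value is absent
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# ScRemoveOption is a REG_SZ; these are the documented meanings
$meaning = @{
    '0' = 'No Action'
    '1' = 'Lock Workstation'
    '2' = 'Force Logoff'
    '3' = 'Disconnect if a Remote Desktop Services session'
}

$scRemove = Get-RegValue -Path $winlogon -Name 'ScRemoveOption'
$scForce  = Get-RegValue -Path $system   -Name 'ScForceOption'
$svc      = Get-CimInstance -ClassName Win32_Service -Filter "Name='SCPolicySvc'"

$state = [pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    ScRemoveOption  = $scRemove
    RemovalBehavior = if ($null -ne $scRemove) { $meaning["$scRemove"] } else { 'value not set' }
    ScForceOption   = $scForce
    ServiceState    = if ($svc) { $svc.State } else { 'service not found' }
    ServiceStart    = if ($svc) { $svc.StartMode } else { $null }
}
$state | Format-List

# Flag the conditions under which card removal will not lock the workstation
if ("$scRemove" -ne '1') {
    Write-Warning 'ScRemoveOption is not 1 (Lock Workstation); the effective policy is not what was intended.'
}
if (-not $svc -or $svc.State -ne 'Running') {
    Write-Warning 'SCPolicySvc is not running; the removal action is not enforced while it is stopped.'
}
if ($svc -and $svc.StartMode -eq 'Disabled') {
    Write-Warning 'SCPolicySvc is disabled; look for a GPO that sets this service startup mode.'
}

# Resultant Set of Policy for the computer: shows which GPO won for each setting
gpresult /scope computer /h $report /f
Write-Output "RSoP report written to $report"
```

Running it once on a freshly deployed machine and again after the card stops locking the workstation shows which of these values changed, and the RSoP report names the GPO that supplied the current setting.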
Wednesday, January 30, 2019 8:24 AM
Hi,
Is there anything I can do for you?
If you have any problems or concerns, please feel free to post here.
Best regards,
Yilia
Thursday, January 31, 2019 2:43 AM
I can confirm that in my case, the entity copied over Win7 GPOs, applied them along with some other Win10 GPOs, and interminably they change each other's settings. I would recommend setting a computer in a domain OU which blocks inheritance of all GPOs, apply a local GPO for smart card settings, and test.
-- Adam