Interactive logon: Require Domain Controller Authentication to Unlock Workstation
ID: oval:gov.nist.usgcb.windowsseven:def:75 | Date: (C)2012-04-13 (M)2023-07-14
Class: COMPLIANCE | Family: windows
Logon information must be provided to unlock a locked computer. For domain accounts, this security setting determines whether a domain controller must be contacted to unlock a computer. If this setting is disabled, a user can unlock the computer using cached credentials. If this setting is enabled, a domain controller must authenticate the domain account that is being used to unlock the computer.
Default: Disabled.
Important: This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Require Domain Controller authentication to unlock workstation
(2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon!ForceUnlockLogon
Platform: Microsoft Windows 7