Hello, we have a problem with the workstation not locking when I remove the smart card.
This is how it looks. When I turn on the computer, the first step is the McAfee preboot screen, where I need to type the PIN with the smart card (PKI) inserted. The next step is Windows loading, followed by automatic SSO login. This looks great. But... when I remove the card from the reader, nothing happens and I'm still signed in. We have the value "Lock Workstation" in GPO, and when I turn off SSO in the ePO DE policy it works correctly. Does anybody know where the problem could be, please?
The credentials which you enter in the MDE login screen are usually replayed to the Windows login UI screen, and that is how the SSO mechanism works.
If your GPO policies are defined for credential providers, then when SSO is enabled MDE controls the automatic login functionality for Windows; however, MDE does not know to lock down the machine when the card is removed. That is why your GPO rules work when you disable SSO.
I do not have an answer, however support can help you on the same if you raise a support ticket and support can check with dev to check your requirement in depth. Kindly share the GPO rule configurations in the support ticket.
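
To collect the Windows-side configuration that the reply asks to be shared in the support ticket, the following PowerShell function reads the effective smart card removal setting and the state of the service that enforces it. It is an added example, not part of the original posts or of McAfee's tooling; the registry value `ScRemoveOption` and the service `SCPolicySvc` are the standard Windows names behind the "Lock Workstation" policy and do not appear in the thread, and the function name is hypothetical.

```powershell
# Added example (not from the thread): report the Windows settings behind the
# "Interactive logon: Smart card removal behavior" policy on the local machine.
function Get-SmartCardRemovalConfig {
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $actions  = @{
        '0' = 'No Action'
        '1' = 'Lock Workstation'
        '2' = 'Force Logoff'
        '3' = 'Disconnect if a Remote Desktop Services session'
    }

    # ScRemoveOption is written by the GPO; if it is absent, Windows takes no action.
    $raw = (Get-ItemProperty -Path $winlogon -Name ScRemoveOption `
            -ErrorAction SilentlyContinue).ScRemoveOption
    if ($null -eq $raw) { $raw = '0' }
    $raw = [string]$raw
    $action = if ($actions.ContainsKey($raw)) { $actions[$raw] } else { "Unknown ($raw)" }

    # The Smart Card Removal Policy service must be running for the action to fire.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='SCPolicySvc'" `
           -ErrorAction SilentlyContinue
    $state     = if ($svc) { $svc.State }     else { 'NotInstalled' }
    $startMode = if ($svc) { $svc.StartMode } else { 'n/a' }

    $finding = if ($raw -eq '0') {
        'Removal policy is not in effect on this machine (GPO not applied or set to No Action).'
    } elseif ($state -ne 'Running') {
        'Policy value is set, but SCPolicySvc is not running, so card removal is not acted on.'
    } else {
        'Windows-side settings are in place; compare behaviour with SSO enabled and disabled.'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        ScRemoveOption  = $raw
        RemovalAction   = $action
        SCPolicySvc     = $state
        ServiceStartup  = $startMode
        Finding         = $finding
    }
}

Get-SmartCardRemovalConfig | Format-List
```

Run it once with SSO enabled in the ePO DE policy and once with it disabled; identical output in both cases shows that the GPO is applied the same way and that the difference lies in how the session was logged on.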