Interactive logon: Require Domain Controller authentication to unlock

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Description

Logon information must be provided to unlock a locked computer. For domain accounts, this setting determines whether a domain controller must be contacted to unlock a computer. If this setting is disabled, a user can unlock the computer using cached credentials. If this setting is enabled, a domain controller must authenticate the domain account that is being used to unlock the computer.

Default: Disabled.

 Important

This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.

For more information, see:

Security Configuration Manager Tools


Top of pageTop of page