The Win7 account log on and Smart Card log on behavior problem
Hi, I have a question about Windows account logon and smart card logon on Windows 7. I created one Windows account and one smart card account for user logon.

If I log on with the smart card -> enter OS -> remove the smart card or the smart card reader -> the screen is locked and goes back to the login page. This behavior is fine.

If I log on using the Windows account -> insert the smart card -> remove the smart card -> the screen is locked.

But if I log on using the Windows account -> insert the smart card -> remove the smart card reader -> the screen is not locked. How can I solve this issue?
July 6th, 2012 3:10pm

Hi, I would like to discuss this issue with you based on my research and knowledge.

1. If you log on with smart card -> enter OS -> remove smart card or smart card reader -> screen is locked and goes back to the login page.

The system verifies the credential via the Smart Card. In this authentication mechanism, when the card is removed, certificates in the temporary secure cache store are removed. The certificates are no longer available for logon, but they remain in the user's certificate store (MYSTORE). You may refer to this: Certificate Enumeration.

This behavior is caused by the Group Policy setting "Interactive logon: Smart card removal behavior" being set to Lock Workstation. You can refer to this: Smart Card Group Policy and Registry Settings.

Please note, it requires that the Smart Card Removal Policy service be started.

2. If you log on using the Windows account -> insert smart card -> remove the smart card -> screen is locked.

As I mentioned above, the system recognizes that the Smart Card has been removed. It meets the condition of "Interactive logon: Smart card removal behavior". As a result, the system locks automatically.

3. If you log on using the Windows account -> insert smart card -> remove the smart card reader -> screen is not locked.

In my opinion, the system should recognize that the device has been unplugged instead of the Smart Card being removed. Because the system verifies the credential in the traditional way, the removal of the Smart Card certificates from the temporary secure cache store should not affect the currently logged-on account.

Kim Zhou
TechNet Community Support
July 9th, 2012 5:56am
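
To check the two prerequisites named in the reply above (the removal-behavior policy and the Smart Card Removal Policy service), the following is an added example, not code from the thread. It assumes Windows PowerShell, the registry value `ScRemoveOption` under the Winlogon key and the service name `SCPolicySvc` as the backing names for that setting and service; the function name `Get-ScRemovalPolicyState` is hypothetical.

```powershell
# Added example: audit whether smart card removal is configured to act on this machine.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$actions = @{
    '0' = 'No Action'
    '1' = 'Lock Workstation'
    '2' = 'Force Logoff'
    '3' = 'Disconnect if a Remote Desktop Services session'
}

function Get-ScRemovalPolicyState {
    # ScRemoveOption backs "Interactive logon: Smart card removal behavior".
    $prop = Get-ItemProperty -Path $winlogon -Name ScRemoveOption -ErrorAction SilentlyContinue
    $raw = if ($prop) { [string]$prop.ScRemoveOption } else { '0' }   # absent value = No Action
    $action = if ($actions.ContainsKey($raw)) { $actions[$raw] } else { "Unknown ($raw)" }

    # The policy is only enforced while the Smart Card Removal Policy service runs.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='SCPolicySvc'"
    $state = if ($svc) { $svc.State } else { 'NotInstalled' }
    $startMode = if ($svc) { $svc.StartMode } else { 'n/a' }

    $findings = @()
    if ($raw -eq '0' -or -not $actions.ContainsKey($raw)) {
        $findings += 'Removal behavior is not set to lock, log off or disconnect.'
    }
    if ($state -ne 'Running') {
        $findings += 'SCPolicySvc is not running, so card removal is ignored.'
    }
    if ($svc -and $startMode -ne 'Auto') {
        $findings += "SCPolicySvc start mode is $startMode; it will not start at boot."
    }

    New-Object PSObject -Property @{
        ScRemoveOption = $raw
        Action         = $action
        ServiceState   = $state
        ServiceStart   = $startMode
        Enforced       = ($findings.Count -eq 0)
        Findings       = $findings
    }
}

Get-ScRemovalPolicyState | Format-List
```

This only verifies the configuration for the card-removal cases (1 and 2); it does not alter the reader-unplug behavior described in case 3.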

Hi Kim, Thank you very much for your reply. So, the smart card certificates are removed if the reader is unplugged. Is there a way to lock the currently logged-on account if I remove the reader?
July 11th, 2012 11:26am

Hi, Based on my research, we may not be able to achieve it on Microsoft site.

Kim Zhou
TechNet Community Support
July 13th, 2012 9:43pm

This topic is archived. No further replies will be accepted.