Hello,

We are currently in our pre-deployment test phase for Windows 8.1 and are trying to knock out the high visibility problems that we notice.  One of the issues we've noticed:

When logging into Windows, the default prompt is for a username/password.  all of our users are using smart cards, so they have to click "sign-in options", click the smart card icon, and then enter their PIN.  How would I change the startup screen to default to smart card?

Also, when locking the screen by removing the card it again prompts for the username/password when unlocking the screen.  So the users again have to click on "sign-in options" and select the smart card, otherwise they risk locking out their account by entering the PIN in the username/password field.

when locking the screen via ctrl-alt-del or windows-L unlocking does default to the smart card, so I know it can be done! 

thanks,

-Nick

Hi,

I'm afraid we couldn't change the Sign-in Options order, I checked GP and Registry, there is no way to do it.

However, there is another way is just enable "Require smart card" In GP. While after this policy enabled, All users will have to use smart cards to log on to the network. This means that the organization must have a reliable public key infrastructure (PKI) in place, and provide smart cards and smart card readers for all users.

Location: GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Thanks Roger.  I enabled that policy setting, but it still defaults to username/password, it just no longer lets me log in with a username/password ("You must use a smart card to sign in.")

also tried removing the requirement for ctrl-alt-del but no luck.

I know on Windows 7 this does work (after a restart it comes up to the logon screen at "Insert a smart card", and it's also working from the lock/unlock screen on both windows 7 and windows 8.

is there a way to modify the credential providers order for initial logon so that it checks the "Smartcard Credential Provider" first? It seems like that's what it does for the unlock. The credentials providers I'm looking at are located in: hklm\software\Microsoft\windows\currentversion\authentication\credential providers

 

hi 

we've got the same problem, did you find a solution?

nope, unfortunately still no solution.  We're in our final pilot phase of the deployment and will be continuing on to the general user population next month.  It'll be a little inconvenient for the users, but it's not a show stopper I guess.

Nick,

Were you ever able to resolve this issue?