Enforce Smart Card Authentication on Windows Workstation Using Group Policy Objects (GPOs) or the Registry

Product: HYPR WFA 6.10 and above
Applicable Version(s): Windows 7.10 and above

This process requires Administrator access to the Windows Group Policy Editor or Registry Editor.

Instructions

In a smart card deployment, additional Group Policy settings can be used to enhance ease-of-use or security.

Method 1: GPO

The following smart-card-related Group Policy settings are in the Local Group Policy Editor under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

Group Policy Setting and Registry Key

Default

Description

Interactive logon: Require smart card

scforceoption

Disabled

This security policy setting requires users to sign in to a computer by using a smart card.

Enabled: Users can sign in to the computer only by using a smart card.
Disabled: Users can sign in to the computer by using any method.

Method 2: Registry Editor

  1. Locate the registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system.

  2. Look for the registry key scforceoption.

  3. Change the value to 1 to Enable or 0 to Disable it.

  4. This change will take effect during next session, which is created during log off, switching users, or rebooting.

When you are finished, only a trusted smart card or HYPR Workforce Access Client can be used to log into the Windows machine.

 

Version Date Comment
Current Version (v. 2) May 06, 2022 20:14 Khedron de León
v. 1 Oct 30, 2021 05:38 Nilesh Doiphode
Was this article helpful?
0 out of 0 found this helpful