1. HYPR
  2. HYPR Knowledge Base
  3. Product Troubleshooting
  4. Workforce Access Client
  5. Windows Operating Systems

Enforce Smart Card Authentication on Windows Workstation Using Group Policy Objects (GPOs) or the Registry

Last Updated:

Product: HYPR WFA 6.10 and above
Applicable Version(s): Windows 7.10 and above

This process requires Administrator access to the Windows Group Policy Editor or Registry Editor.

Instructions

In a smart card deployment, additional Group Policy settings can be used to enhance ease-of-use or security.

Method 1: GPO

The following smart-card-related Group Policy settings are in the Local Group Policy Editor under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

Group Policy Setting and Registry Key

Default

Description

Interactive logon: Require smart card

scforceoption

Disabled

This security policy setting requires users to sign in to a computer by using a smart card.

Enabled: Users can sign in to the computer only by using a smart card.
Disabled: Users can sign in to the computer by using any method.

Method 2: Registry Editor

  1. Locate the registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system.

  2. Look for the registry key scforceoption.

  3. Change the value to 1 to Enable or 0 to Disable it.

  4. This change will take effect during next session, which is created during log off, switching users, or rebooting.

When you are finished, only a trusted smart card or HYPR Workforce Access Client can be used to log into the Windows machine.

 

Version Date Comment
Current Version (v. 2) May 06, 2022 20:14 Khedron de León
v. 1 Oct 30, 2021 05:38 Nilesh Doiphode

Articles in this section

Was this article helpful?
2 out of 2 found this helpful