This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader.
The options are:
- No Action
- Lock Workstation
- Force Logoff
- Disconnect if a Remote Desktop Services session
If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
If you click Force Logoff in the Properties dialog box for this policy, the user is automatically logged off when the smart card is removed.
If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging the user off. This allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to log on again. If the session is local, this policy functions identically to Lock Workstation.
Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started.