Logon information must be provided to unlock a locked computer. For domain accounts, this security setting determines whether a domain controller must be contacted to unlock a computer. If this setting is disabled, a user can unlock the computer using cached credentials. If this setting is enabled, a domain controller must authenticate the domain account that is being used to unlock the computer.
This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.
Computer Configuration\Windows Settings\Local Policies\Security Options
At least Windows XP SP2, Windows Server 2003