Interactive logon: Require Domain Controller authentication to unlock workstation

Logon information must be provided to unlock a locked computer. For domain accounts, this security setting determines whether a domain controller must be contacted to unlock a computer. If this setting is disabled, a user can unlock the computer using cached credentials. If this setting is enabled, a domain controller must authenticate the domain account that is being used to unlock the computer.

Important

This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.

Policy path: 

Computer Configuration\Windows Settings\Local Policies\Security Options

Comments: 

Important: This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.

Default: 

Disabled

Supported on: 

At least Windows XP SP2, Windows Server 2003

Registry settings: 

MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon

Reboot required: 

No

Related content