Logon information must be provided to unlock a locked computer. For domain accounts, this security setting determines whether a domain controller must be contacted to unlock a computer. If this setting is disabled, a user can unlock the computer using cached credentials. If this setting is enabled, a domain controller must authenticate the domain account that is being used to unlock the computer.
Important
This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.
Policy path:
Computer Configuration\Windows Settings\Local Policies\Security Options
Default:
Disabled
Supported on:
At least Windows XP SP2, Windows Server 2003
Registry settings:
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon
Reboot required:
No
Comments: