000014243 - Microsoft Windows 7 desktop will not lock when RSA SecurID SID800 token is removed

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Jun 6, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000014243
Applies ToRSA Product Set:   SecurID
RSA Product/Service Type:  Authentication Client (RAC)
RSA Version/Condition:  3.5.x
Issue
  • Microsoft Windows 7 desktop will not lock when the RSA SecurID SID800 token is removed from the USB drive.
  • Customer requires that the computer lock when the end user unplugs the SID800 token from the computer.
  • Even with a corresponding GPO in the Active Directory set, Windows 7 will refuse to lock the computer after the token has been removed from the reader.
CauseMicrosoft chose to create a new system service called Smart Card Removal Policy and it is set to Manual.
ResolutionMake sure the GPO policy for lock desktop on smart card removal is set and that the Smart card Removal Policy service is enabled and running.
For information on having a desktop lock when the SID800 is removed, see this article on screen lock timeout Group Policy.
 
Legacy Article IDa52884

Attachments

    Outcomes