Article Number
000035250
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.3.x
Platform: Windows 8.1
Issue
Whenever a Windows update invokes an automatic system restart (for example, if a user installs updates using the Start menu Update and Restart option) , the user has to reboot the Windows 8.1 laptop twice before he gains access to his machine. After the Windows update followed by a reboot, the user sees the RSA SecurID prompt. The user types his login and passcode and is prompted with the Windows password prompt. After submitting the password, it loops backs to the RSA prompt. The user types his passcode and receives the Windows password prompt. The user submits his password multiple times but cannot log on. The prompt then becomes unresponsive. The user has no choice but to reboot the machine.
Cause
Locking the desktop immediately after the first logon following Update and Restart is the default behavior on Windows starting with Microsoft Windows 8.1 and Microsoft Server 2012 R2.
Resolution
The behavior is controlled by a Microsoft policy named
Sign-in last interactive user automatically after a system restart (details below). Disabling the policy avoids the problematic locking of the user desktop. To implement the workaround:
- Open the relevant Group Policy Editor (gpedit.msc for local policies or the Group Policy Management tool for domain policies).
- Open Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options.
- Open the policy Sign-in last interactive user automatically after a system restart.
- Set the policy to Disabled.
- If you are setting a domain policy, force a policy refresh; for example by invoking gpupdate /force from the command line.
Workaround
Disable the Microsoft Group Policy Sign-in last interactive user automatically after a system-initiated restart to prevent the Windows auto-logon/auto-lock behavior.
