AnsweredAssumed Answered

Is there a way to use the Quick Unlock feature on Windows 10 in conjunction with the "Interactive logon: Don't display last signed-in" GPO setting?

Question asked by Robert Samson on Jul 18, 2019

Background:

In the past, I was able to have the Interactive logon:Do not display last user name GPO setting enabled along with Quick Unlock and it worked fine.  When a session was locked and the user went to unlock it, no user name was displayed and all they had to do was enter a password.  That actually still works on some Windows 10 machines in our environment that are on 1703 still.  However, all of our 1803 systems now prompt for Passcode every time to unlock.

 

If I remove the Interactive Logon part of the GPO, then they can do Quick Unlock again, but it shows the username.

 

I'm not sure if it is one or a combination of these factors, but Windows 10 changes the Interactive Logon setting after 1703 to Don't display last signed-in instead of Do not display last user name.  

 

We are running Agent 7.4.2 across our environment and I noticed in the release notes for Authentication Agent 7.4 that: AAWIN-2301 - Quick Unlock now displays a name for the logged-on user's deselected credential tile in Windows 10 console sessions.

 

However, that behavior doesn't seem to happen prior to Win 10 1703 even with agent version 7.4.2.

 

Question:

Is there a way to use the Quick Unlock feature on Windows 10 in conjunction with the "Interactive logon: Don't display last signed-in" GPO setting? 

 

We would like to continue with this scenario since we have systems in semi or non-secure areas with fairly aggressive lock times, but want to allow our users to have some respite from having to enter their passcode constantly to unlock the system.

Outcomes