is it possible to force Windows to require a user to use a Smart Card to unlock a session (e.g. unlocking a screen saver or returning from sleep mode) if the initial logon they performed was with a Smart Card?
My organization will be leveraging Authentication Mechanism Assurance and I don't want a user able to initially logon with a Smart Card, and then have someone else step in with a username/password combo for the same account and operate the session as if they had the smart card. Admittedly, an unlikely scenario, but one I need to have answers for.
I'd like to make it so that if a user initially authenticated with a Smart Card, they cannot unlock their session without it.
Is this possible?
Thanks in advance.