Skip navigation

JSI Tip 6237. How do I force an attempt to unlock a workstation to require online authentication?

When you log on to a computer, the Winlogon service stores a hash of your password. When you attempt to unlock the workstation, if the password you enter matches the password hash, the workstation is unlocked. If the password does NOT match the hash, a log on is attempted, and if successful, the local hash is updated and the workstation is unlocked. If the log on fails, the unlock will fail.

The above process limits network traffic.

If you prefer to force a log on, instead of relying on the hash:

1. Copy / Paste the following to a ForceUnlockLogon.reg file:

REGEDIT4

\[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\]
"ForceUnlockLogon"=dword:00000001

2. Merge the ForceUnlockLogon.reg file with your registry, or run regedit /s ForceUnlockLogon.reg.

3. This change will take effect after the next restart.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish