Information
This policy setting ensures that all Active Directory user accounts, including administrators, are configured to use a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.
Requiring two-factor authentication provides a higher level of security, and therefore credentials are less likely to be compromised.
Solution
To configure all user accounts, including administrator accounts in Active Directory to enable the option
Smart card is required for interactive logon
, do the following:
- Open
Active Directory Users and Computer
- Right click the user account and select
properties
- Select the
account
tab
- Ensure
Smart card is required for interactive logon
is checked
Impact:
Users will have to carry a form of two-factor authentication.