2 Replies Latest reply on Oct 28, 2019 7:27 AM by JAClan

    Smart Card behavior changes when App Volume is attached.

    JAClan Lurker

      Hi. Just some quick environment info. We are running Horizon 7.9 with Windows 10 1809 instant clones, UEM, and AppVolumes 2.18. We are in a DoD environment and have to follow the rules regarding smart card logins and behaviors. If a user is not entitled to an AppVol everything functions normally but as soon as an AppVol is attached the smart card behavior changes.

       

      Our biggest issue currently is that the work stations do not lock when a user with an AppVol attached pulls their CAC. Interactive logon: Smart card removal behavior" to "Lock Workstation" is set via GPO. If I check the registry HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\scremoveoption it is set to "1" which is the value to lock the workstation. The registry value remains a "1" whether the user has an appvol attached or not. Part of the strange behavior is that the very first time a user pulls their CAC after logging in, the work station will lock but fails to lock any subsequent times a user pull their CAC. If I remove them from an appvol the behavior returns to normal.

       

      I'm guessing a registry valued got captured during the AppStacks creation process and is somehow tacking precedence over what is in HKLM on the VM. Has anyone else ever observed this behavior?

       

      Thanks,

      Jesse

       

      EDIT: This behavior was not an issue on our old Horizon 7.4 environment utilizing AppVols 2.17 and Windows 10 1703

       

      EDIT 10/25/19 not sure why or how this post got marked 'Solved' it most definitely is not.