Require re-authentication to run application with alternate account

You use this group policy to specify that users running an alternate account must re-authenticate. By default, this policy is false.

You set up alternate accounts in Privileged Access Service. Alternate accounts are a way that you can allow a user to access a privileged account.

There are two settings for this group policy:

  • By default, when this policy is Disabled or Not Configured, after the user selects the option to run an application with an alternate account, they will not be prompted to re-authenticate.
  • When this policy is Enabled, the user who runs an application using an alternate account will need to re-authenticate. To specify how long before the user is prompted for re-authentication, you define that grace period in the Configure Windows authentication grace period for run with alternate account policy.