Enabling screen locking for smart card removal

Depending on what you consider best practices for using a smart card, you may want the screen to lock when a user removes the smart card. Enabling the Lock smart card screen policy creates a daemon that locks the screen if the user removes the smart card.

To enable screen locking when the smart card is removed from a computer:

  1. Edit the Group Policy Object (GPO) linked to a site, domain, or OU that includes Mac computers, expand User Configuration > User Configuration > Policies > Centrify Settings > Mac OS X Settings > Security Settings, then double-click Lock Smart Card screen.
  2. Select the Enabled option and click OK.
  3. Expand User Configuration > User Configuration > Policies > Centrify Settings > Mac OS X Settings > Security Settings, then double-click Require a password to wake this computer from sleep or screen saver to require a password to unlock the screen.
  4. Select the Enabled option and click OK.

This group policy creates a daemon that listens for the smart card removal event and locks the screen when it occurs.