In general, the user experience is the same in both connected and disconnected modes, with the exception of single sign-on (SSO). Because the agent does not cache the smart card’s PIN, SSO is available for smart card authentication only while the computer is connected to the domain.
Of course, certain behaviors and system responses are specific to smart card login:
- If the user removes the smart card after logging on, the response of the system depends on whether the group policy “Lock smart card screen” is enabled in the domain. If it is, the screen locks. Otherwise, the screen does not lock and the user may continue working.

  Note: For a smart card that is provisioned for multiple users, if the screen locks, the system prompts for a Password, not for a PIN, when the user logs back in. However, the user must enter the PIN for the card, not the password, when logging back in.
- If the user inserts a smart card while the screen saver is active, the response depends on whether “Lock smart card screen” is enabled in the domain. If it is, the screen saver deactivates. If the policy is not enabled, the screen saver continues running until the user moves the mouse or touches a key.