Smart Card behavior changes when App Volume is attached.

This post was originally published on this site

Hi. Just some quick environment info. We are running Horizon 7.9 with Windows 10 1809 instant clones, UEM, and AppVolumes 2.18. We are in a DoD environment and have to follow the rules regarding smart card logins and behaviors. If a user is not entitled to an AppVol everything functions normally but as soon as an AppVol is attached the smart card behavior changes.


Our biggest issue currently is that the work stations do not lock when a user with an AppVol attached pulls their CAC. Interactive logon: Smart card removal behavior” to “Lock Workstation” is set via GPO. If I check the registry HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonscremoveoption it is set to “1” which is the value to lock the workstation. The registry value remains a “1” whether the user has an appvol attached or not. Part of the strange behavior is that the very first time a user pulls their CAC after logging in, the work station will lock but fails to lock any subsequent times a user pull their CAC. If I remove them from an appvol the behavior returns to normal.


I’m guessing a registry valued got captured during the AppStacks creation process and is somehow tacking precedence over what is in HKLM on the VM. Has anyone else ever observed this behavior?





EDIT: This behavior was not an issue on our old Horizon 7.4 environment utilizing AppVols 2.17 and Windows 10 1703


EDIT 10/25/19 not sure why or how this post got marked ‘Solved’ it most definitely is not.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.