Enforce Smart Card Logon with Group Policy

Scenario. You administer the Active Directory domain halcyon.local for Halcyon Photonics. After a contractor's reused password let an outsider read prototype waveguide schematics, leadership now requires that every workstation in the Optical Design Group accept only smart-card logons, and that pulling the card immediately ends the session. A Group Policy object, ODG-CardLogon-Policy, is already created and linked to the Optical-Design OU on the domain controller HALCYON-DC2, and certificate auto-enrollment is already configured. Finish the hardening.

SY0-701 · Obj 4.6 IAM · MFA · Smart card = “something you have”

Group Policy Management — HALCYON-DC2 (simulated)

Select ODG-CardLogon-Policy in the tree to manage the linked GPO.

Tasks

  • 1. Enforce ODG-CardLogon-Policy on the Optical-Design OU. (Right pane → check Enforced.)
  • 2. Set Interactive logon: Require smart card to Enabled. (Security Options → edit the policy.)
  • 3. Set Interactive logon: Smart card removal behavior to Force Logoff. (Security Options → edit the policy.)
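
To confirm the three tasks took effect on a workstation after a policy refresh, the PowerShell check below (an added example, not part of the lab) reads the registry values the two Security Options write, verifies that the Smart Card Removal Policy service, which carries out the removal action, is running, and tests the link's Enforced flag where the GroupPolicy module is installed. The OU distinguished name and the function names are assumptions.

```powershell
# Added verification example (not part of the lab). Run in an elevated session.
# Assumption: the OU's distinguished name; adjust to where Optical-Design really sits.
$GpoName = 'ODG-CardLogon-Policy'
$OuDn    = 'OU=Optical-Design,DC=halcyon,DC=local'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy never applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-CardLogonBaseline {
    $results = [ordered]@{}

    # Task 2: "Interactive logon: Require smart card" is stored as scforceoption = 1.
    $force = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'scforceoption'
    $results['RequireSmartCard'] = ($force -eq 1)

    # Task 3: removal behavior is the REG_SZ ScRemoveOption:
    # 0 = no action, 1 = lock workstation, 2 = force logoff, 3 = disconnect remote session.
    $remove = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'ScRemoveOption'
    $results['RemovalForcesLogoff'] = ("$remove" -eq '2')

    # Without this service running, pulling the card does not trigger the configured action.
    $svc = Get-Service -Name 'SCPolicySvc' -ErrorAction SilentlyContinue
    $results['RemovalServiceRunning'] = ($null -ne $svc -and $svc.Status -eq 'Running')

    # Task 1: link enforcement, checked only where the GroupPolicy (RSAT) module exists.
    if (Get-Module -ListAvailable -Name GroupPolicy) {
        $link = (Get-GPInheritance -Target $OuDn).GpoLinks |
                Where-Object DisplayName -eq $GpoName
        $results['LinkEnforced'] = [bool]($link -and $link.Enabled -and $link.Enforced)
    }
    [pscustomobject]$results
}

$report = Test-CardLogonBaseline
$report | Format-List
# Non-zero exit when any check failed, so the script can gate a compliance job.
if ($report.PSObject.Properties.Value -contains $false) { exit 1 }
```

If RemovalServiceRunning is False while RemovalForcesLogoff is True, set the SCPolicySvc startup type to Automatic through the same GPO so the logoff actually fires.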
