To lock your workstation when you remove your YubiKey on Windows, follow these steps:
- Edit the local security policy
  - Run “gpedit.msc” as an administrator.
  - Navigate to this option group: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
  - Set “Interactive logon: Smart card removal behavior” to “Lock Workstation”.
- Run the Windows service “Smart Card Removal Policy” on startup
  - Run “services” as an administrator.
  - Right-click “Smart Card Removal Policy” and click Properties. Set “Startup type” to “Automatic (delayed)”.
The reason I used the “delayed” option instead of Automatic is that if the smart card software isn’t fully loaded after the initial login, it might lock your computer immediately. My driver/smart card takes a few seconds to be read, so this fixed that problem for me and I only have to log in once.
The above should work on: Windows Vista, Windows 7, Windows 8, Windows 10, Windows 11, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012.
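
The same two settings can be applied and verified from an elevated PowerShell prompt, which helps when scripting several machines. This is an added example, not part of the original steps. It assumes PowerShell 4.0 or later, that the policy is stored in the `ScRemoveOption` value under the Winlogon key, and that the service name behind “Smart Card Removal Policy” is `SCPolicySvc`.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the gpedit.msc and Services steps above.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$svcName  = 'SCPolicySvc'   # service name of "Smart Card Removal Policy"

# "Interactive logon: Smart card removal behavior" is stored as ScRemoveOption (REG_SZ):
#   0 = No Action, 1 = Lock Workstation, 2 = Force Logoff,
#   3 = Disconnect if a Remote Desktop Services session
$current = (Get-ItemProperty -Path $winlogon -Name ScRemoveOption `
            -ErrorAction SilentlyContinue).ScRemoveOption
if ($current -ne '1') {
    Set-ItemProperty -Path $winlogon -Name ScRemoveOption -Value '1' -Type String
    Write-Host "ScRemoveOption changed from '$current' to '1' (Lock Workstation)"
} else {
    Write-Host "ScRemoveOption is already '1' (Lock Workstation)"
}

# Startup type "Automatic (delayed)". sc.exe is used because
# Set-Service in Windows PowerShell 5.1 has no delayed-start option.
& sc.exe config $svcName start= delayed-auto | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "sc.exe config $svcName failed with exit code $LASTEXITCODE"
}

# Start the service now so removal is enforced without waiting for a reboot.
if ((Get-Service -Name $svcName).Status -ne 'Running') {
    Start-Service -Name $svcName
}

# Read everything back so the result can be checked or logged.
$svc = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
[pscustomobject]@{
    ScRemoveOption   = (Get-ItemProperty -Path $winlogon -Name ScRemoveOption).ScRemoveOption
    ServiceStart     = $svc.Start             # 2 = Automatic
    DelayedAutostart = $svc.DelayedAutostart  # 1 = delayed start
    ServiceStatus    = (Get-Service -Name $svcName).Status
}
```

On a domain-joined machine, a Group Policy Object that sets the same security option will overwrite the local value at the next policy refresh, so set it in the GPO instead.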