Windows allows you to lock your screen so that others cannot access your computer without entering your password. This is very useful when you need to be away from your computer and do not want other people to use it or access your documents. 

With the DualShield Windows Logon solution enabled, you have the option to decide whether two-factor authentication is required in order to unlock Windows.

The policy can be found by navigating to "Administration | Policies", then scrolling down to the policy "windows unlock system policies";


The windows unlock system policy settings can be edited by using the context menu option "Edit";


A new window will now open titled "Policy - Edit" that can be used to view and edit the policy settings for this policy;




The category for this policy is "Windows Unlock" (this property cannot be edited).

The holder of this policy is "System" (this property cannot be edited).

The name assigned to identify the lockout system policy by the System Administrator.

The System Administrator may use this field to annotate this policy.

This option allows the System Administrator to enable or disable this policy.



This options allows the system administrator to select which type of authentication method to use when unlocking windows;


  • Multi-Factor Authentication
    Select this option if multi-factor authentication is required when one attempts to unlock Windows.

  • AD Password Authentication Only
    Select this option if only AD (Active Directory) password is required one attempts to unlock Windows

  • 2nd-Factor Authentication Only (Use Cached Password)
    Selection this option if only second factor authentication is required when an attempt is made to unlock Windows. Please note that this option only works if the Static Password cache function is enabled in DualShield (otherwise, the first factor - the AD password, will still be required).
  • No labels