The Smart Card Removal Policy (SCPolicySvc) service allows the system to be configured to lock the user desktop, disconnect from Remote Desktop sessions, or log off the user upon smart card removal. Users who walk away from computers that are running an active logon session create a security risk. To enforce the security of your system, it is best practice for users to disconnect from Remote Desktop sessions and log off or lock their computers when they leave. The Smart Card Removal Policy service allows you to force users to comply with this practice when they remove their smart cards.
Note: If you decide to force the logoff, users must ensure that they have saved changes to documents and other files before they remove their smart cards. Otherwise, they may lose any changes they have made.
Whether you use the Smart Card Removal Policy service depends on how your users interact with their computers. For example, this policy might be used for computers in an open floor or kiosk environment. This policy may not be necessary when users have dedicated computers or exclusive use of multiple computers. You can use a password-protected screensaver or other means to lock the computers of these users.
This service is installed by default and its startup type is Manual.
When the Smart Card Removal Policy service is started in its default configuration, it logs on by using the Local System account.
The Smart Card Removal Policy service is dependent upon the following system components:
- Remote Procedure Call (RPC)
- DCOM Server Process Launcher
- RPC Endpoint Mapper