(Re-post in right area)
Does anyone know of a solution for this scenario:
Require CAC and lock workstation upon CAC removal pushed via GPO to the workstations. We have hybrid users that use workstations that have NAM enforced and other workstations on separate networks that do not use NAM. Both use the same AD which is why we cannot check the box on user accounts to require CAC and we accomplish require CAC via the GPO for the NAM workstations. If a user attempts to change password because they are required to on a NAM and CAC only workstation this fails. IS there a way around this? Or is the only way a ticket and an admin does it? Or will that user have to do it on the no-NAM workstation?
Thanks in advance.