SDL in Windows
There are different SDL modes for Windows:
-
Explicit
-
Implicit
Using Explicit Mode
SDL can be invoked explicitly prior to domain logon. In Explicit Mode, SDL is implemented as a Pre-Logon Access Provider (PLAP).
A PLAP is a Windows component that enables a Pre Logon Connection to the Internet. After SDL is enabled, or if Windows enables its own PLAP, a new Network Logonbutton is added to the logon screen.
To see available pre-logon connection methods (PLAPs), click the Network Logon button.
|
Note - In Windows 8, to get to PLAP button, from Network Logon screen click back to get to All Users screen. |
Using Implicit Mode
Implicit mode SDL is invoked automatically when the user authenticates to the domain controller. The user does not configure the client to employ implicit mode.
The user cannot authenticate to the domain controller over a VPN, but the client can receive a Group Policy and logon scripts. The Windows operating system authenticates to the domain controller using the cache. To use Implicit mode the end user must
-
Enable Windows Configuring Windows Cached Credentials.
-
Have one successful login to Windows cached in the registry.
|
Note - Implicit mode SDL is not invoked with smart card logon to Windows. |