User successfully logs in as user@EXAMPLE.COM
.
User is then mapped to user@ad.example.com
via
altSecurityIdentities: Kerberos:user@EXAMPLE.COM
When the user locks the screen, the lock screen is for user@ad.example.com
, which the user does not have the (randomized) password for.
It is possible for the user return to their session by backing out to the main login screen, which where EXAMPLE.COM
is the default domain/realm, and logging in there.
Is there a way to force user@EXAMPLE.COM
as lock screen user or, failing that, cause the lock screen to go immediately to the switch user screen.
I am primarily interested in Windows 7 and 8, but knowledge for other version would also be useful.