Details about Policy Enforcement

The behavior of Secure Workstation depends on the settings in the Effective policy. The policy includes the following:

After Secure Workstation detects an event, the user is considered to be out of compliance with the policy. This means that the user has, for example, exceeded an inactivity time limit or removed an authentication device, such as a smart card. Unless one of the actions is Log Out of the Workstation or Lock the Workstation, Secure Workstation continues to execute the action associated with the events in the policy that are out of compliance.

Scenario: Removing a Proximity Card. The Effective policy contains a Device Removal Event that requires a pcProx proximity card. The action associated with this event is Close All Programs. Secure Workstation is set up to close all programs specified in the policy when the card is removed.

Claire attempts to restart one of those programs without replacing the proximity card. Secure Workstation immediately closes the program. Secure Workstation continues to execute the action associated with the Device Removal Event until the user is in compliance with the event.

This behavior is the same for all of the Secure Workstation events. If you don't want users to have the ability to run certain programs without being authenticated to the network, configure a Network Logout Event that closes those programs.

You can use the Post-Login Method to provide Secure Workstation with a new effective policy.

Scenario: A New Effective Policy. Claire leaves and takes her proximity card. Secure Workstation closes her programs and continues closing them until her proximity card has been replaced. Markus approaches the workstation and presents his proximity card. Secure Workstation continues to close the programs specified in the policy.

The programs are closed because Secure Workstation still requires Claire's proximity card to be present: it detected Claire's card when it generated the Effective policy that it is currently enforcing. However, Markus can log in using the Post-Login Method, which causes Secure Workstation to refresh its policy. Secure Workstation now requires Markus' proximity card to be present instead of Claire's card.
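The two scenarios above can be traced with a simplified model of the enforcement logic. This is an added example, not Secure Workstation code: the function names, card identifiers, and program names are hypothetical, and the model assumes a single Device Removal Event.

```python
from dataclasses import dataclass

# Actions that are not re-executed after they run, per the text above.
TERMINAL_ACTIONS = {"Log Out of the Workstation", "Lock the Workstation"}

@dataclass(frozen=True)
class EffectivePolicy:
    required_card: str    # card detected when the policy was generated
    action: str           # action tied to the Device Removal Event
    programs: frozenset   # programs the action applies to

def generate_policy(detected_card, action, programs):
    """Hypothetical model: the policy is bound to the card present right now."""
    return EffectivePolicy(detected_card, action, frozenset(programs))

def enforce(policy, present_card, running):
    """One enforcement pass: returns (programs left running, repeat_action)."""
    if present_card == policy.required_card:
        return set(running), False             # user is in compliance
    if policy.action in TERMINAL_ACTIONS:
        return set(running), False             # lock/logout is not repeated
    if policy.action == "Close All Programs":
        return set(running) - policy.programs, True
    return set(running), True

def simulate():
    """Replays the Claire/Markus scenarios with constructed sample values."""
    policy = generate_policy("claire-card", "Close All Programs", {"payroll.exe"})
    trace = []
    # Claire removes her card: the listed program is closed.
    running, repeat = enforce(policy, None, {"payroll.exe", "notepad.exe"})
    trace.append(("card removed", sorted(running), repeat))
    # She restarts the program without the card: it is closed again.
    running, repeat = enforce(policy, None, running | {"payroll.exe"})
    trace.append(("restart attempt", sorted(running), repeat))
    # Markus presents his card, but the policy is still bound to Claire's.
    running, repeat = enforce(policy, "markus-card", running | {"payroll.exe"})
    trace.append(("markus card", sorted(running), repeat))
    # Post-Login Method: the policy is regenerated against Markus' card.
    policy = generate_policy("markus-card", policy.action, policy.programs)
    running, repeat = enforce(policy, "markus-card", running | {"payroll.exe"})
    trace.append(("after post-login", sorted(running), repeat))
    return trace

if __name__ == "__main__":
    for step in simulate():
        print(step)
```

The point to check in a real deployment is the third step: a valid card belonging to a different user does not bring the workstation into compliance until the policy is refreshed.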