Forum Discussion
Allow dynamic lock with FIDO key
Within Windows 11 (and 10) you can configure various options to log into the system. One possibility is the usage of a physical security key. I really like this option, especially in conjunction with...
Hi Marc_Gehri,
unfortunately there is still nothing available from Microsoft. We wrote a little tool, that runs as tray icon. It watches for a FIDO key being removed and in that case it locks the screen.
I can't give you the tool, but the most interesting code parts to write the tool yourself, would be these:
private static bool GetIsFidoKeyAvailable()
{
return new ManagementObjectSearcher("SELECT * FROM Win32_PnPEntity WHERE Manufacturer='FIDO'").Get().Cast<object>().Any<object>();
}this._managementEventWatcher = new ManagementEventWatcher();
WqlEventQuery query = new WqlEventQuery("SELECT * FROM Win32_DeviceChangeEvent");
this._managementEventWatcher.EventArrived += delegate(object s, EventArrivedEventArgs e)
{
var isKeyAvailable = GetIsFidoKeyAvailable();
if(!isKeyAvailable)
{
// ToDo: Lock or log off current user
Process.Start("C:\\WINDOWS\\system32\\rundll32.exe", "user32.dll,LockWorkStation");
}
};
this._managementEventWatcher.Query = query;
this._managementEventWatcher.Start();
Be aware, that we seen (especially when using USB Hubs), that the key sometimes gets announced to be removed, just to come back a few hundred milliseconds later. For this purpose we debounced the log off to wait for 1 sec before really doing so.
Can you please post the entire tool somewhere?