Configure Windows Authentication Grace Period for Run with Alternate Account

You use this group policy to specify that there is a grace period for users running an alternate account before they must re-authenticate. By default, this policy is not enabled. If you enable this policy, you specify the time period in minutes. This policy works in conjunction with Require re-authentication to run application with alternate account.

You set up alternate accounts in Privileged Access Service. Alternate accounts are a way that you can allow a user to access a privileged account.

There are two settings for this group policy:

• By default, when this policy is Disabled or Not Configured, there is no grace period for re-authentication for users running an application with an alternate account.
• When this policy is Enabled, you specify the grace period by the number of minutes. This grace period is how long the user can run an application using an alternate account before having to re-authenticate.

If you have not also enabled the Require re-authentication to run application with alternate account policy, this policy has no effect.