As the title suggest, love to hear what everyone is doing out there. Due to new customer requirement, we need to lock down PCs that authenticate to AD & local accounts for security measures. Most PCs a either running Windows 7/10 with small numbers on XP. Has to be a physical USB key that support FIFO or industry 2FA standard. Any suggestions?