No, scratch that-- color you wrong.
Security features and policies are two different things. If you can solve a vulnerability with a feature, you do it. Policies are for things that don't have a technological solution, like social engineering. People should lock their workstations, but they don't always. Instead of remarking on how lazy or dumb they are, Microsoft created a solution 22 years ago.
Also, policy doesn't fix this scenario with a shared computer: a malicious employee, instead of logging off after his shift, runs a fake logon screen malware to collect credentials from other users. Those other users may be privileged or, even if unprivileged, have their identities be used as cover in later attacks.
It's later than you think, the joint Russian-American space mission has already begun.