Ctrl + Alt + Del prior to Windows 10 logon no longer needed?












31














I was running Windows 7 at work; power up the desktop pc and always had to hit Ctrl + Alt + Del before entering your username and password.



I am now running Windows 10 at work, Windows 10 Enterprise if I look on my PC. I no longer have to hit Ctrl + Alt + Del before logging in, and I am pretty sure it is not just me.



Is the existing link with rationale explained no longer relevant with Windows 10? What changed?



Is this no longer relevant? : How does CTRL-ALT-DEL to log in make Windows more secure?



Update:



From Interactive logon: Do not require CTRL+ALT+DEL:




Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords... A malicious user might install malware that looks like the standard logon dialog box for the Windows operating system, and capture a user's password. The attacker can then log on to the compromised account with whatever level of user rights that user has.




I am having trouble understanding this rationale for Ctrl + Alt + Del I mean if a malicious user installs malware that looks like the standard logon screen shouldn't I first be worried about that having happened where malware got installed? Can someone at least provide examples of those attacks user's are left susceptible to?



For so long we've all be marching to the tune of must do Ctrl + Alt + Del prior to logon, and ironically it is worded "Interactive logon: Do not require CTRL+ALT+DEL = Disabled".



Recently NIST revised their password recommendations, I believe it's publication 800-63B. As such, you can read numerous articles and opinions on the subject. My favorite is Stack Overflow cofounder Jeff Atwood's rage: password rules are b.s.. I don't need to go much further than that title to summarize that topic, basically admission that some password rules were security theater. So now I am sort of questioning the credibility of Ctrl + Alt + Del, because (1) it seems it was suddenly dropped in Windows 10, and (2) to me the [official] wording from Microsoft is quite vague.



If you use any computer you are susceptible to attacks in a variety of ways, so I am looking for technical specifics that I can wrap my head around regarding Ctrl + Alt + Del providing value prior to logon.










share|improve this question




















  • 6




    Ask your IT department since it was their decision. My Windows 7 does not need ctrl-alt-del.
    – MonkeyZeus
    Dec 10 '18 at 19:25






  • 2




    if I ask, they will probably google it and give me one of the responses below
    – ron
    Dec 10 '18 at 20:18






  • 2




    It would be interesting to know if it was an informed decision or if they just accepted the defaults and moved on. I would put my money on the latter and it would be even more interesting if your inquiry causes them to re-enable it.
    – MonkeyZeus
    Dec 10 '18 at 20:41
















31














I was running Windows 7 at work; power up the desktop pc and always had to hit Ctrl + Alt + Del before entering your username and password.



I am now running Windows 10 at work, Windows 10 Enterprise if I look on my PC. I no longer have to hit Ctrl + Alt + Del before logging in, and I am pretty sure it is not just me.



Is the existing link with rationale explained no longer relevant with Windows 10? What changed?



Is this no longer relevant? : How does CTRL-ALT-DEL to log in make Windows more secure?



Update:



From Interactive logon: Do not require CTRL+ALT+DEL:




Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords... A malicious user might install malware that looks like the standard logon dialog box for the Windows operating system, and capture a user's password. The attacker can then log on to the compromised account with whatever level of user rights that user has.




I am having trouble understanding this rationale for Ctrl + Alt + Del I mean if a malicious user installs malware that looks like the standard logon screen shouldn't I first be worried about that having happened where malware got installed? Can someone at least provide examples of those attacks user's are left susceptible to?



For so long we've all be marching to the tune of must do Ctrl + Alt + Del prior to logon, and ironically it is worded "Interactive logon: Do not require CTRL+ALT+DEL = Disabled".



Recently NIST revised their password recommendations, I believe it's publication 800-63B. As such, you can read numerous articles and opinions on the subject. My favorite is Stack Overflow cofounder Jeff Atwood's rage: password rules are b.s.. I don't need to go much further than that title to summarize that topic, basically admission that some password rules were security theater. So now I am sort of questioning the credibility of Ctrl + Alt + Del, because (1) it seems it was suddenly dropped in Windows 10, and (2) to me the [official] wording from Microsoft is quite vague.



If you use any computer you are susceptible to attacks in a variety of ways, so I am looking for technical specifics that I can wrap my head around regarding Ctrl + Alt + Del providing value prior to logon.










share|improve this question




















  • 6




    Ask your IT department since it was their decision. My Windows 7 does not need ctrl-alt-del.
    – MonkeyZeus
    Dec 10 '18 at 19:25






  • 2




    if I ask, they will probably google it and give me one of the responses below
    – ron
    Dec 10 '18 at 20:18






  • 2




    It would be interesting to know if it was an informed decision or if they just accepted the defaults and moved on. I would put my money on the latter and it would be even more interesting if your inquiry causes them to re-enable it.
    – MonkeyZeus
    Dec 10 '18 at 20:41














31












31








31


4





I was running Windows 7 at work; power up the desktop pc and always had to hit Ctrl + Alt + Del before entering your username and password.



I am now running Windows 10 at work, Windows 10 Enterprise if I look on my PC. I no longer have to hit Ctrl + Alt + Del before logging in, and I am pretty sure it is not just me.



Is the existing link with rationale explained no longer relevant with Windows 10? What changed?



Is this no longer relevant? : How does CTRL-ALT-DEL to log in make Windows more secure?



Update:



From Interactive logon: Do not require CTRL+ALT+DEL:




Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords... A malicious user might install malware that looks like the standard logon dialog box for the Windows operating system, and capture a user's password. The attacker can then log on to the compromised account with whatever level of user rights that user has.




I am having trouble understanding this rationale for Ctrl + Alt + Del I mean if a malicious user installs malware that looks like the standard logon screen shouldn't I first be worried about that having happened where malware got installed? Can someone at least provide examples of those attacks user's are left susceptible to?



For so long we've all be marching to the tune of must do Ctrl + Alt + Del prior to logon, and ironically it is worded "Interactive logon: Do not require CTRL+ALT+DEL = Disabled".



Recently NIST revised their password recommendations, I believe it's publication 800-63B. As such, you can read numerous articles and opinions on the subject. My favorite is Stack Overflow cofounder Jeff Atwood's rage: password rules are b.s.. I don't need to go much further than that title to summarize that topic, basically admission that some password rules were security theater. So now I am sort of questioning the credibility of Ctrl + Alt + Del, because (1) it seems it was suddenly dropped in Windows 10, and (2) to me the [official] wording from Microsoft is quite vague.



If you use any computer you are susceptible to attacks in a variety of ways, so I am looking for technical specifics that I can wrap my head around regarding Ctrl + Alt + Del providing value prior to logon.










share|improve this question















I was running Windows 7 at work; power up the desktop pc and always had to hit Ctrl + Alt + Del before entering your username and password.



I am now running Windows 10 at work, Windows 10 Enterprise if I look on my PC. I no longer have to hit Ctrl + Alt + Del before logging in, and I am pretty sure it is not just me.



Is the existing link with rationale explained no longer relevant with Windows 10? What changed?



Is this no longer relevant? : How does CTRL-ALT-DEL to log in make Windows more secure?



Update:



From Interactive logon: Do not require CTRL+ALT+DEL:




Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords... A malicious user might install malware that looks like the standard logon dialog box for the Windows operating system, and capture a user's password. The attacker can then log on to the compromised account with whatever level of user rights that user has.




I am having trouble understanding this rationale for Ctrl + Alt + Del I mean if a malicious user installs malware that looks like the standard logon screen shouldn't I first be worried about that having happened where malware got installed? Can someone at least provide examples of those attacks user's are left susceptible to?



For so long we've all be marching to the tune of must do Ctrl + Alt + Del prior to logon, and ironically it is worded "Interactive logon: Do not require CTRL+ALT+DEL = Disabled".



Recently NIST revised their password recommendations, I believe it's publication 800-63B. As such, you can read numerous articles and opinions on the subject. My favorite is Stack Overflow cofounder Jeff Atwood's rage: password rules are b.s.. I don't need to go much further than that title to summarize that topic, basically admission that some password rules were security theater. So now I am sort of questioning the credibility of Ctrl + Alt + Del, because (1) it seems it was suddenly dropped in Windows 10, and (2) to me the [official] wording from Microsoft is quite vague.



If you use any computer you are susceptible to attacks in a variety of ways, so I am looking for technical specifics that I can wrap my head around regarding Ctrl + Alt + Del providing value prior to logon.







windows security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 10 '18 at 22:28









Peter Mortensen

2,09742124




2,09742124










asked Dec 10 '18 at 16:56









ron

29249




29249








  • 6




    Ask your IT department since it was their decision. My Windows 7 does not need ctrl-alt-del.
    – MonkeyZeus
    Dec 10 '18 at 19:25






  • 2




    if I ask, they will probably google it and give me one of the responses below
    – ron
    Dec 10 '18 at 20:18






  • 2




    It would be interesting to know if it was an informed decision or if they just accepted the defaults and moved on. I would put my money on the latter and it would be even more interesting if your inquiry causes them to re-enable it.
    – MonkeyZeus
    Dec 10 '18 at 20:41














  • 6




    Ask your IT department since it was their decision. My Windows 7 does not need ctrl-alt-del.
    – MonkeyZeus
    Dec 10 '18 at 19:25






  • 2




    if I ask, they will probably google it and give me one of the responses below
    – ron
    Dec 10 '18 at 20:18






  • 2




    It would be interesting to know if it was an informed decision or if they just accepted the defaults and moved on. I would put my money on the latter and it would be even more interesting if your inquiry causes them to re-enable it.
    – MonkeyZeus
    Dec 10 '18 at 20:41








6




6




Ask your IT department since it was their decision. My Windows 7 does not need ctrl-alt-del.
– MonkeyZeus
Dec 10 '18 at 19:25




Ask your IT department since it was their decision. My Windows 7 does not need ctrl-alt-del.
– MonkeyZeus
Dec 10 '18 at 19:25




2




2




if I ask, they will probably google it and give me one of the responses below
– ron
Dec 10 '18 at 20:18




if I ask, they will probably google it and give me one of the responses below
– ron
Dec 10 '18 at 20:18




2




2




It would be interesting to know if it was an informed decision or if they just accepted the defaults and moved on. I would put my money on the latter and it would be even more interesting if your inquiry causes them to re-enable it.
– MonkeyZeus
Dec 10 '18 at 20:41




It would be interesting to know if it was an informed decision or if they just accepted the defaults and moved on. I would put my money on the latter and it would be even more interesting if your inquiry causes them to re-enable it.
– MonkeyZeus
Dec 10 '18 at 20:41










2 Answers
2






active

oldest

votes


















34














Aaron Margosis who writes for the Microsoft Security Guidance blog on TechNet addressed this specifically a couple of times regarding the change to "Not Configured" for Secure Attention Sequence aka Ctrl Alt Del. It basically boils down to the fact that users can't tell if they're at the secure desktop, it's easier to steal the same user credentials inside the desktop, and it's hard to implement on keyboard-less devices.



Changes from the Windows 8.1 baseline to the Windows 10 (TH1/1507) baseline (20151118)
Aaron Margosis November 18, 2015

Enforcement of Ctrl+Alt+Del at logon to protect credentials from theft.



"This is not particularly strong protection. First, it depends on a user that’s looking at a spoofed logon screen remembering that he or she hadn’t pressed Ctrl+Alt+Del before typing a password. Second, so many apps prompt the user for the same credentials on the user’s desktop that the credentials can easily be stolen there. Third, if the adversary has gained administrative control of the computer, the “secure desktop” is no longer a protected space. Finally, with devices offering more keyboard-free logon experiences such as facial recognition, Ctrl+Alt+Del becomes an annoying interference."




from "Security baseline for Windows 10 – DRAFT" by Aaron Margosis, October 8, 2015




"[Aaron Margosis] Great question. One is the increase in systems where a Secure Attention Sequence (SAS) isn't feasible. Second is that the SAS has probably been a very low-value protection, overall. See the discussion about a setting where we made it possible to go overboard on the SAS and how that didn't really work out well:"




from Unintended Consequences of Security Lockdowns






share|improve this answer































    13














    It's still in force, but Microsoft did that to make the device more accessible to people with disability.



    You can easily enforce back the default ctrl-alt-del key combo.




    Microsoft developed this feature to make it easier for users with
    certain types of physical impairments to log on to device running the
    Windows operating system; however, not having to press the
    CTRL+ALT+DELETE key combination leaves users susceptible to attacks
    that attempt to intercept their passwords. Requiring CTRL+ALT+DELETE
    before users log on ensures that users are communicating by means of a
    trusted path when entering their passwords.




    GPO :
    Disable CTRL+ALT+DEL requirement for logon at



    Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options



    Reference there



    ps; If the windows 10 is under a workgroup, you can change that setting in the control panel in the advanced tab of the user management applet.



    Edit 1 - As your question evolved



    In Windows OS, WinLogon register the crtl-alt-delete sequence, and allow no one else to listen to that. It's called a Secure Attention Key.



    A malware would need to modify or hijack the winlogon process to achieve the goal to capture that sequence.



    The sequence is considered secure and the process do launch the login prompt.



    Per the official documentation;




    When Winlogon initializes, it registers the CTRL+ALT+DEL secure
    attention sequence (SAS) with the system, and then creates three
    desktops within the WinSta0 window station.



    Registering CTRL+ALT+DEL makes this initialization the first process,
    thus ensuring that no other application has hooked that key sequence.



    WinSta0 is the name of the window station object that represents the
    physical screen, keyboard and mouse. Winlogon creates the following
    desktops in the WinSta0 object.




    You could also see that answer there for the same reason told; https://security.stackexchange.com/questions/34972/whats-the-rationale-behind-ctrl-alt-del-for-login






    share|improve this answer























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "2"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f943681%2fctrl-alt-del-prior-to-windows-10-logon-no-longer-needed%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      34














      Aaron Margosis who writes for the Microsoft Security Guidance blog on TechNet addressed this specifically a couple of times regarding the change to "Not Configured" for Secure Attention Sequence aka Ctrl Alt Del. It basically boils down to the fact that users can't tell if they're at the secure desktop, it's easier to steal the same user credentials inside the desktop, and it's hard to implement on keyboard-less devices.



      Changes from the Windows 8.1 baseline to the Windows 10 (TH1/1507) baseline (20151118)
      Aaron Margosis November 18, 2015

      Enforcement of Ctrl+Alt+Del at logon to protect credentials from theft.



      "This is not particularly strong protection. First, it depends on a user that’s looking at a spoofed logon screen remembering that he or she hadn’t pressed Ctrl+Alt+Del before typing a password. Second, so many apps prompt the user for the same credentials on the user’s desktop that the credentials can easily be stolen there. Third, if the adversary has gained administrative control of the computer, the “secure desktop” is no longer a protected space. Finally, with devices offering more keyboard-free logon experiences such as facial recognition, Ctrl+Alt+Del becomes an annoying interference."




      from "Security baseline for Windows 10 – DRAFT" by Aaron Margosis, October 8, 2015




      "[Aaron Margosis] Great question. One is the increase in systems where a Secure Attention Sequence (SAS) isn't feasible. Second is that the SAS has probably been a very low-value protection, overall. See the discussion about a setting where we made it possible to go overboard on the SAS and how that didn't really work out well:"




      from Unintended Consequences of Security Lockdowns






      share|improve this answer




























        34














        Aaron Margosis who writes for the Microsoft Security Guidance blog on TechNet addressed this specifically a couple of times regarding the change to "Not Configured" for Secure Attention Sequence aka Ctrl Alt Del. It basically boils down to the fact that users can't tell if they're at the secure desktop, it's easier to steal the same user credentials inside the desktop, and it's hard to implement on keyboard-less devices.



        Changes from the Windows 8.1 baseline to the Windows 10 (TH1/1507) baseline (20151118)
        Aaron Margosis November 18, 2015

        Enforcement of Ctrl+Alt+Del at logon to protect credentials from theft.



        "This is not particularly strong protection. First, it depends on a user that’s looking at a spoofed logon screen remembering that he or she hadn’t pressed Ctrl+Alt+Del before typing a password. Second, so many apps prompt the user for the same credentials on the user’s desktop that the credentials can easily be stolen there. Third, if the adversary has gained administrative control of the computer, the “secure desktop” is no longer a protected space. Finally, with devices offering more keyboard-free logon experiences such as facial recognition, Ctrl+Alt+Del becomes an annoying interference."




        from "Security baseline for Windows 10 – DRAFT" by Aaron Margosis, October 8, 2015




        "[Aaron Margosis] Great question. One is the increase in systems where a Secure Attention Sequence (SAS) isn't feasible. Second is that the SAS has probably been a very low-value protection, overall. See the discussion about a setting where we made it possible to go overboard on the SAS and how that didn't really work out well:"




        from Unintended Consequences of Security Lockdowns






        share|improve this answer


























          34












          34








          34






          Aaron Margosis who writes for the Microsoft Security Guidance blog on TechNet addressed this specifically a couple of times regarding the change to "Not Configured" for Secure Attention Sequence aka Ctrl Alt Del. It basically boils down to the fact that users can't tell if they're at the secure desktop, it's easier to steal the same user credentials inside the desktop, and it's hard to implement on keyboard-less devices.



          Changes from the Windows 8.1 baseline to the Windows 10 (TH1/1507) baseline (20151118)
          Aaron Margosis November 18, 2015

          Enforcement of Ctrl+Alt+Del at logon to protect credentials from theft.



          "This is not particularly strong protection. First, it depends on a user that’s looking at a spoofed logon screen remembering that he or she hadn’t pressed Ctrl+Alt+Del before typing a password. Second, so many apps prompt the user for the same credentials on the user’s desktop that the credentials can easily be stolen there. Third, if the adversary has gained administrative control of the computer, the “secure desktop” is no longer a protected space. Finally, with devices offering more keyboard-free logon experiences such as facial recognition, Ctrl+Alt+Del becomes an annoying interference."




          from "Security baseline for Windows 10 – DRAFT" by Aaron Margosis, October 8, 2015




          "[Aaron Margosis] Great question. One is the increase in systems where a Secure Attention Sequence (SAS) isn't feasible. Second is that the SAS has probably been a very low-value protection, overall. See the discussion about a setting where we made it possible to go overboard on the SAS and how that didn't really work out well:"




          from Unintended Consequences of Security Lockdowns






          share|improve this answer














          Aaron Margosis who writes for the Microsoft Security Guidance blog on TechNet addressed this specifically a couple of times regarding the change to "Not Configured" for Secure Attention Sequence aka Ctrl Alt Del. It basically boils down to the fact that users can't tell if they're at the secure desktop, it's easier to steal the same user credentials inside the desktop, and it's hard to implement on keyboard-less devices.



          Changes from the Windows 8.1 baseline to the Windows 10 (TH1/1507) baseline (20151118)
          Aaron Margosis November 18, 2015

          Enforcement of Ctrl+Alt+Del at logon to protect credentials from theft.



          "This is not particularly strong protection. First, it depends on a user that’s looking at a spoofed logon screen remembering that he or she hadn’t pressed Ctrl+Alt+Del before typing a password. Second, so many apps prompt the user for the same credentials on the user’s desktop that the credentials can easily be stolen there. Third, if the adversary has gained administrative control of the computer, the “secure desktop” is no longer a protected space. Finally, with devices offering more keyboard-free logon experiences such as facial recognition, Ctrl+Alt+Del becomes an annoying interference."




          from "Security baseline for Windows 10 – DRAFT" by Aaron Margosis, October 8, 2015




          "[Aaron Margosis] Great question. One is the increase in systems where a Secure Attention Sequence (SAS) isn't feasible. Second is that the SAS has probably been a very low-value protection, overall. See the discussion about a setting where we made it possible to go overboard on the SAS and how that didn't really work out well:"




          from Unintended Consequences of Security Lockdowns







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 11 '18 at 21:14









          chicks

          3,00271831




          3,00271831










          answered Dec 10 '18 at 19:04









          spacenomyous

          1,167215




          1,167215

























              13














              It's still in force, but Microsoft did that to make the device more accessible to people with disability.



              You can easily enforce back the default ctrl-alt-del key combo.




              Microsoft developed this feature to make it easier for users with
              certain types of physical impairments to log on to device running the
              Windows operating system; however, not having to press the
              CTRL+ALT+DELETE key combination leaves users susceptible to attacks
              that attempt to intercept their passwords. Requiring CTRL+ALT+DELETE
              before users log on ensures that users are communicating by means of a
              trusted path when entering their passwords.




              GPO :
              Disable CTRL+ALT+DEL requirement for logon at



              Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options



              Reference there



              ps; If the windows 10 is under a workgroup, you can change that setting in the control panel in the advanced tab of the user management applet.



              Edit 1 - As your question evolved



              In Windows OS, WinLogon register the crtl-alt-delete sequence, and allow no one else to listen to that. It's called a Secure Attention Key.



              A malware would need to modify or hijack the winlogon process to achieve the goal to capture that sequence.



              The sequence is considered secure and the process do launch the login prompt.



              Per the official documentation;




              When Winlogon initializes, it registers the CTRL+ALT+DEL secure
              attention sequence (SAS) with the system, and then creates three
              desktops within the WinSta0 window station.



              Registering CTRL+ALT+DEL makes this initialization the first process,
              thus ensuring that no other application has hooked that key sequence.



              WinSta0 is the name of the window station object that represents the
              physical screen, keyboard and mouse. Winlogon creates the following
              desktops in the WinSta0 object.




              You could also see that answer there for the same reason told; https://security.stackexchange.com/questions/34972/whats-the-rationale-behind-ctrl-alt-del-for-login






              share|improve this answer




























                13














                It's still in force, but Microsoft did that to make the device more accessible to people with disability.



                You can easily enforce back the default ctrl-alt-del key combo.




                Microsoft developed this feature to make it easier for users with
                certain types of physical impairments to log on to device running the
                Windows operating system; however, not having to press the
                CTRL+ALT+DELETE key combination leaves users susceptible to attacks
                that attempt to intercept their passwords. Requiring CTRL+ALT+DELETE
                before users log on ensures that users are communicating by means of a
                trusted path when entering their passwords.




                GPO :
                Disable CTRL+ALT+DEL requirement for logon at



                Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options



                Reference there



                ps; If the windows 10 is under a workgroup, you can change that setting in the control panel in the advanced tab of the user management applet.



                Edit 1 - As your question evolved



                In Windows OS, WinLogon register the crtl-alt-delete sequence, and allow no one else to listen to that. It's called a Secure Attention Key.



                A malware would need to modify or hijack the winlogon process to achieve the goal to capture that sequence.



                The sequence is considered secure and the process do launch the login prompt.



                Per the official documentation;




                When Winlogon initializes, it registers the CTRL+ALT+DEL secure
                attention sequence (SAS) with the system, and then creates three
                desktops within the WinSta0 window station.



                Registering CTRL+ALT+DEL makes this initialization the first process,
                thus ensuring that no other application has hooked that key sequence.



                WinSta0 is the name of the window station object that represents the
                physical screen, keyboard and mouse. Winlogon creates the following
                desktops in the WinSta0 object.




                You could also see that answer there for the same reason told; https://security.stackexchange.com/questions/34972/whats-the-rationale-behind-ctrl-alt-del-for-login






                share|improve this answer


























                  13












                  13








                  13






                  It's still in force, but Microsoft did that to make the device more accessible to people with disability.



                  You can easily enforce back the default ctrl-alt-del key combo.




                  Microsoft developed this feature to make it easier for users with
                  certain types of physical impairments to log on to device running the
                  Windows operating system; however, not having to press the
                  CTRL+ALT+DELETE key combination leaves users susceptible to attacks
                  that attempt to intercept their passwords. Requiring CTRL+ALT+DELETE
                  before users log on ensures that users are communicating by means of a
                  trusted path when entering their passwords.




                  GPO :
                  Disable CTRL+ALT+DEL requirement for logon at



                  Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options



                  Reference there



                  ps; If the windows 10 is under a workgroup, you can change that setting in the control panel in the advanced tab of the user management applet.



                  Edit 1 - As your question evolved



                  In Windows OS, WinLogon register the crtl-alt-delete sequence, and allow no one else to listen to that. It's called a Secure Attention Key.



                  A malware would need to modify or hijack the winlogon process to achieve the goal to capture that sequence.



                  The sequence is considered secure and the process do launch the login prompt.



                  Per the official documentation;




                  When Winlogon initializes, it registers the CTRL+ALT+DEL secure
                  attention sequence (SAS) with the system, and then creates three
                  desktops within the WinSta0 window station.



                  Registering CTRL+ALT+DEL makes this initialization the first process,
                  thus ensuring that no other application has hooked that key sequence.



                  WinSta0 is the name of the window station object that represents the
                  physical screen, keyboard and mouse. Winlogon creates the following
                  desktops in the WinSta0 object.




                  You could also see that answer there for the same reason told; https://security.stackexchange.com/questions/34972/whats-the-rationale-behind-ctrl-alt-del-for-login






                  share|improve this answer














                  It's still in force, but Microsoft did that to make the device more accessible to people with disability.



                  You can easily enforce back the default ctrl-alt-del key combo.




                  Microsoft developed this feature to make it easier for users with
                  certain types of physical impairments to log on to device running the
                  Windows operating system; however, not having to press the
                  CTRL+ALT+DELETE key combination leaves users susceptible to attacks
                  that attempt to intercept their passwords. Requiring CTRL+ALT+DELETE
                  before users log on ensures that users are communicating by means of a
                  trusted path when entering their passwords.




                  GPO :
                  Disable CTRL+ALT+DEL requirement for logon at



                  Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options



                  Reference there



                  ps; If the windows 10 is under a workgroup, you can change that setting in the control panel in the advanced tab of the user management applet.



                  Edit 1 - As your question evolved



                  In Windows OS, WinLogon register the crtl-alt-delete sequence, and allow no one else to listen to that. It's called a Secure Attention Key.



                  A malware would need to modify or hijack the winlogon process to achieve the goal to capture that sequence.



                  The sequence is considered secure and the process do launch the login prompt.



                  Per the official documentation;




                  When Winlogon initializes, it registers the CTRL+ALT+DEL secure
                  attention sequence (SAS) with the system, and then creates three
                  desktops within the WinSta0 window station.



                  Registering CTRL+ALT+DEL makes this initialization the first process,
                  thus ensuring that no other application has hooked that key sequence.



                  WinSta0 is the name of the window station object that represents the
                  physical screen, keyboard and mouse. Winlogon creates the following
                  desktops in the WinSta0 object.




                  You could also see that answer there for the same reason told; https://security.stackexchange.com/questions/34972/whats-the-rationale-behind-ctrl-alt-del-for-login







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Dec 11 '18 at 2:01

























                  answered Dec 10 '18 at 17:05









                  yagmoth555

                  11.3k31742




                  11.3k31742






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Server Fault!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f943681%2fctrl-alt-del-prior-to-windows-10-logon-no-longer-needed%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      Plaza Victoria

                      Puebla de Zaragoza

                      Musa