Disable: 'Require trusted path for credential entry' If you enable this policy setting, users are required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism. This means that before entering account and password information to authorize an elevation request, a user first need to press CTRL+ALT+DEL. Counter Measure: Enable this setting. Potential Impact: If you disable or do not configure this policy setting, users can enter Windows credentials within the user's desktop session, potentially allowing malicious code access to the user's Windows credentials.

[enable/disable]

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsCredential User InterfaceRequire trusted path for credential entry (2) REG: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesCredUIEnableSecureCredentialPrompting