Interactive logon: Do not require CTRL+ALT+DELID: oval:org.secpod.oval:def:35182 | Date: (C)2016-06-10 (M)2023-12-13 |
Class: COMPLIANCE | Family: windows |
This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows.
Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier.
Default on stand-alone computers: Enabled.
Counter Measure:
Configure the Disable CTRL+ALT+DEL requirement for logon setting to Disabled.
Potential Impact:
Unless they use a smart card to log on, users will have to simultaneously press three keys before the logon dialog box will display.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL
(2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableCAD
Platform: |
Microsoft Windows 10 |