My IT Diary
The Control+Alt+Delete or Ctrl+Alt+Del key combination is often used on the Windows login or logon screen to strengthen security of a computer. The same like in older versions of Windows, the Ctrl+Alt+Del combination can also be enabled in Windows Vista.
Most corporate computers are set up in a way that you have to use the Ctrl+Alt+Delete combination to log into the system. From the corporate perspective, the Ctrl+Alt+Del logon process is supposed to provide higher security when logging in. If we got used to the Ctrl+Alt+Del combination on our jobs, why not keep using this habit also at home, or better said, why to use different process at home. Here is how to turn the Ctrl+Alt+Del Windows Logon screen on, especially as it relates to Windows Vista.
Why to use Ctrl+Alt+Del on the Windows logon screen?
One unofficial story is that the Ctrl-Alt-Delete logon screen was implemented as an outcome of one hacker who hacked into some Windows and later argued that he was not accessing it illegally (or "hacking" into it) because the logon screen said "Welcome." Well, while this is only a story, using the Ctrl+Alt+Delete screen does have some practical implications.
The Ctrl-Alt-Delete Windows logon screen was an attempt at dealing with certain types of attacks. The purpose of the Ctrl-Alt-Delete Windows logon screen, also called interactive logon, is to provide a trusted path for entering a password. In other words, the main reason for the Control-Alt-Delete process to exist is to provide some measure of confidence when entering a password at the login screen.
The Ctrl+Alt+Delete key combination is the only one that Windows assures it cannot be intercepted by any other application. By Windows asking users to press the Ctrl+Alt+Del key combination before entering their passwords, users know that the password screen really belongs to Windows.
How does the CTRL+ALT+DEL logon work?
In general, it is not very hard to write a malicious program or a shell that looks and feels like Windows and captures your typed key sequences, in this case your login name and password.
The Ctrl+Alt+Del key sequence is reserved by Windows and cannot be trapped by any application. Windows blocks the Ctrl+Alt+Del from being sent to applications which makes it extra complicated to have a fake pop up screen co-existing together with the Ctrl-Alt-Del sequence. This makes Ctrl+Alt+Delete an extra measure of security.
If there was a fake pop up screen on your computer, you would force it to quit by hitting the Ctrl+Alt+Delete sequence. The Ctrl-Alt-Del combination of keys will always force Windows to jump out of whatever it is running.
On another note, the Ctrl+Alt+Delete logon screen process also prevents hackers from using password forcing programs that use a list of passwords to try to obtain the right one. Requiring a user to hit the Ctrl+Alt+Del combination makes the system less vulnerable because a hacker's rogue process cannot just start filling in thousands of passwords to find the right one.
One indirect benefit of the Ctrl+Alt+Del logon screen process is that this key combination is very hard or impossible to press with just one hand on most commonly used keyboards which means it is unlikely it would be hit by mistake.
How do I enable the Ctrl+Alt+Del logon screen in Windows Vista?
As with many things in Windows, there are several ways to get the job done. The Ctrl+Alt+Del logon screen can be enabled through graphical user interface tool, policy editor, or registry editor.
Enable Ctrl+Alt+Del through netplwiz.exe...
The Netplwiz.exe or Advanced User Accounts Control Panel is a useful tool in Windows Vista for managing user accounts. You can find it in %systemroot%\system32\netplWiz.exe. The SystemRoot variable is most likely C:\Windows.
You can start this utility by locating this file and double clicking it or by going to your Start menu, clicking on Run, typing netplwiz and hitting ENTER.
Enable Ctrl+Alt+Del through control userpasswords2...
You can get to the netplwiz.exe tool alternatively through the control userpasswords2 command. You can start this utility by going to your Start menu, clicking on Run, typing control userpasswords2 and hitting ENTER.
After you get to the Advanced User Accounts Control Panel, go to the Advanced tab, and you will see the following:
Windows Vista Home comment: Note, although this can be also accessed via the Advanced properties tab of the User Account Control in Windows Vista Ultimate Control Panel (Control Panel -> User Accounts -> User Accounts -> Manage User Accounts -> UAC prompt -> Advanced), Windows Vista Home and Windows Vista Home Premium do not provide this path. In Home editions, you have to access the Advanced User Accounts Control Panel via the netplwiz.exe or the control userpasswords2 as the only way. There is no Advanced link under User Account Control in Windows Vista Home Control Panel.
Ctrl+Alt+Delete modified in policy editor...
The Ctrl+Alt+Del screen can be also turned on using the Group Policy Editor assuming that you have a version of Windows that was designed to be able to join a domain and has the needed tools. This applies to for example Windows Vista Ultimate or Business. This paragraph does not apply to Windows Vista Home and Home Professional.
Go to your Start menu and click Run. Type gpedit.msc (or secpol.msc) to start the Group Policy Editor. Locate the following entry:
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Set the Interactive logon: Do not require CTRL+ALT+DEL policy to disabled.
Enable Ctrl+Alt+Delete through registry...
In case accessing the Advanced User Accounts Control Panel or policy editor is not an option for you, you can modify the Ctrl+Alt+Delete setting directly in registry by changing the DisableCAD and LogonType registry keys. Go to the Start menu, click Run, type regedit, and hit ENTER. Then locate the following registry entry:
If you want to use the Ctrl+Alt+Delete windows logon screen, set the DisableCAD to 0 and the LogonType dword to 0 as well. 0 for the LogonType means Classic Mode Windows logon and 1 is for the Welcome Screen Windows logon screen.
Ctrl+Alt+Del logon screen enabled but still getting the logon icon
After you enable the Ctrl+Alt+Del logon screen for your Vista in the netplwiz.exe Advanced User Accounts Control Panel, you will be able to log into your computer by hitting the Control-Alt-Delete key combination, but you will still be presented with the logon icon and also with the name of the last logged in user. This setup will be "missing" the option of you to personally enter your user name.
If you wish to strengthen the security of your computer further, it is a good idea to disable the icons with the names of existing users and rather force the user to type or fill in his or her user name each time he or she logs in.
Post a Comment