BrokeBerry

Attack Computer Wiz

A Security & Technology Weblog

I have installed and am currently evaluating Windows 8 Enterprise RTM. In my test domain I discovered right away a glaring item was missing. No I don't mean the start menu, though the lack of a start menu is going to thoroughly confuse most users. What I noticed was missing, as compared to all previous versions of Windows, is the CTRL+ALT+DEL key press to logon to the domain. In all previous versions of Windows after the computer starts up, before the user is allowed to type in their username and password, they are required to press CTRL+ALT+DEL. This key press has been historically tied to ending any unauthorized processes. But in theory, it also requires a human interaction before the logon. This extra key press can show that a user intended to logon. Should they violate corporate policy it may be shown that they did press the keys, they did logon, they were displayed a policy banner, and so on. Alas, in Windows 8 this requirement seems to have become optional.

Now domain administrators need a way to enable this requirement with as little work and as little impact as possible. What I discovered in my testing, and confirmed by a review by others in the same position, a Global Policy Object modification can accomplish this.

To require CTRL+ALT+DEL during logon of WIndows 8 Domain member system follow the below steps.

  1. Navigate to the following GPO setting: "Computer > Policies > Windows Settings > Security Settings > Local Policies > Security Options"
  2. Locate the following key: "Interactive logon: Do not require CTRL+ALT+DEL"
  3. Change the setting to: "Disabled"
  4. Reboot the computer or preform a "gpupdate /force" from the command prompt.
On your next logon you will be required to press CTRL+ALT+DEL to logon to the domain member Windows 8 system. This can be applied at the top level of your domain to apply to all child objects.

user Posted by John "Mike" Wright

| More

0 comments

Post a Comment