Another login question. There's a setting in Local Security Policy > Security Options: "Do not require Ctrl+Alt+Delete". Disabling it protects against keyloggers at Win Login. I was wondering who else utilized it. If you ask me, it's one of those things (of many) in Windows that should be used by default. But then again, those extra keystrokes may be deemed an irritant by many.
Well, this was "supposed" to be a poll anyway. This is the 2'nd time this has happened to me now. Maybe I'm only allowed 1 poll a day or something? Anyhow, feel free to give your answers anyway.
It is needed at work to log onto the domain. Otherwise it is not used. If you already have a keylogger, your setup has already failed.
I use it as an extra security measure. Also, the UAC/secure desktop (not only graying out the background/desktop but switches the desktop entirely) setting is enabled plus a forced ctrl-alt-del. So when a program wants to elevate, it forces me to press ctrl+alt-del and then switches to a typical "login window".
No, never used that. Just annoying imo. Just touching on any key on keyboard or mouse click to type the password is sufficient security for me. (Linux and Windows 8 has this feature)
Not necessarily. Measures like this, and KeyScrambler make it so that you could have a keylogger and render it moot. So just in case you had a keylogger and didn't know it for awhile, this could save you until you remedied it. How I could remain oblivious to a keylogger with D+ on my computer on the other hand?... dunno. Which is why I ditched KS in the end. D+ would go absolutely ape$h!^. But not at login, before it has a chance to boot up. Hence this Ctrl+Alt+Delete measure.
I remember that i needed to do this every time i needed to log into my previous job PC's. I don't really have a password set on my home PC's so that would be nope.
Yes, I use that gpedit setting on my home pc just because it's sound policy. In fact, I also use: Interactive logon: Do not display last user name
Even Linux-folks want this feature: -http://lwn.net/Articles/363347/ So, Windows-folks should definitely use what's readily available.
Me too. And use classic view wherever I can (Control Panel, Display). And disable the "Themes" service & component... gives your setup a more old school look. And as another person said I also disable the last user login info. So I even have to enter my username at login. I personally don't find it incredibly annoying to enter a few more keystrokes. No more annoying than the 2 mouse clicks I have to make when I want to enable scripts, which happens about once a day and I sleep better at night as a result. "sound policy", agreed. And if Linux users want it, it's good enough for me...
Forgive me for showing up here late. @ luciddream... could you explain to me how requiring Ctrl+Alt+Delete at logon protects against keyloggers?
No last login info here either. I love sound policies. I secure & treat my PC as if it were an exposed kiosk computer! Why? Because I can do it. Bling themes are enabled, but aero is disabled. I enjoyed the "Classic look" for a while, but the buttons were little too small for my taste. @page42 - I don't think the ctrl+alt-del sequence does protect you against keyloggers if you already have one in your system. The direct hand-shake-verify between your kernel and hardware (keyboard) that occurs when the keystroke combo is pressed shows that nothing (program or service) has intercepted the login process - at this point.
Hello Page42 Ctrl-Alt-Delete is a general command that will close all active application when you logon. (That's how I have understood it) This means that if a program is active when you logon, then it will be interrupted, and thereby should protect your password. If it works in practice, I don't know? ( I use Ctrl+Alt+Delete at logon ).
Thanks for the response, Janus. I've looked into this concept a bit deeper, and came upon a pretty good description of what happens when a user presses Ctrl+Alt+Delete at logon. It refers to Ctrl-Alt-Del as the Secure Attention Sequence, which is used to avoid Login spoofing. It now makes sense to me, however the question still remains... Can keyloggers start a computer? More specifically, if login spoofing is allowed to take place and the logon password is stolen, what can a thief do with it... remotely? Isn't physical access to the computer required? I see that Wake-on-LAN can be set up in BIOS, but I'm figuring not many users have configured their computers to do this.
That's a good explanation you have found,regarding secure logon. About your other question, for that I have no idea, sorry , but i will lurk in the background, and hopefully someone will come by and enlightened us. Regards, Janus
