How is the option for admins to require ctrl+alt+del at login in windows more secure?
've never understood this and never will...but how in the world is administrators having the option to enable a system policy to require users to press ctrl+alt+del before logging in making the system more secure??? It doesn't make it harder for hackers to brute force an account, that's what the lockout policy is for, and last I checked the only people that measure does keep out is people who have trouble using a keyboard (which most certainly excludes people who are looking to cause trouble on the computer) so why in the world was that ever implemented and for that matter, kept in the OSes all the way from NT to 2000 to XP??? :confused: [img]http://images.techguy.org/smilies/thumbsdown.gif[/img]
God, i know that it is anoying i had a friends dell for along time and i could not turn that thing off and it anoyed the crap out of me. suposedly it is a secure combination that only your OS uses so other applications dont respond, but wtf? you should never need that for start up. I guess it gives the false feeling of security.
The explanation from Wikipedia sums it up pretty well:
The design of Windows NT is such that, unless security is already compromised in some other way, only the WinLogon process, a trusted system process, can receive notification of this keystroke combination (because it is the first to register the keyboard hook). This keystroke combination is thus a secure attention key . A user pressing Control-Alt-Delete can be sure that it is the operating system (specifically the WinLogon process), rather than a third party program, that is responding to the key combination, and that it is therefore safe to enter a password. It was chosen as the secure attention key in Windows (instead of, for example, the System Request key), because on the PC platform no program could reasonably expect to redefine this keystroke combination for its own purposes.
Actually yeah I've seen some...although the ones I saw were immitating the windows98 dialup login screens, haven't seen anything for xp, 2000, or nt though...
Keyloggers. They don't actually have to emulate the graphical login dialog; they can could call the real dialog window and then capture the users input into the window.
Click Start--->Run and type "control userpasswords2" in the run dialog without the quotes. You can disable it in the Advanced tab of the dialog that appears.
A more fine grained customization can be done in the dialog that appears by typing gpedit.msc in the Run dialog box.
![http://images.techguy.org/smilies/thumbsdown.gif[/img]](http://images.techguy.org/smilies/thumbsdown.gif%5B/img%5D){kind=link}