Archived from groups: microsoft.public.win2000.security (
More info?)
It is better to enforce it which should happen automatically for a domain
member computer. It can be configured in security policy/security options
which can be invoked via secpol.msc for a local computer. The link below
explains more which contains reference to security options.. --- Steve
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx
Disable CTRL+ALT+DEL Required for Logon
Security Objective: Enabling this option will disable the trusted path
mechanism. The purpose of the trusted path mechanism is to prevent spoofing
of user login sessions. It is the mechanism which causes the operating
system to always intercept CTRL+ALT+DEL key-sequences and prevents other
sub-systems and processes from capturing that key-sequence. If this
mechanism is disabled, it would be simply for an attacker to spoof the logon
interface with a keystroke logger. Therefore, this setting should never be
enabled. The default setting of this option is Disabled on a Windows 2000
computer, although a policy tool may show it as Not Defined.
Recommendation: Set this policy to disabled.
Note: The default is "leave as is" but disabling the setting ensures that it
is overridden on machines where it has been changed.
"ircian" <ircian@discussions.microsoft.com> wrote in message
news:BDB35879-4044-4A01-90BB-DB6C6F9F3780@microsoft.com...
> Hello,
>
> I have read about the use of enforcing the pressing of "CTRL+ALT+DEL"
> before
> logon to windows NT. But i really can't get it. Is it better to enforce or
> not ?
> Also, I have known that you can edit the registry to run the command
> interpreter before logging onto windows. How can that be useful (or
> harmful)
> for both the user and administrator?
>
> Thank you
> Mohamed