How to Enable Secure Logon (Ctrl+Alt+Delete)

Key Points
Introduction: Explains why leaving Secure logon (Ctrl+Alt+Delete) disabled increases exposure to credential theft, since malware can mimic a Windows sign-in screen and trick users into entering passwords, and why enabling it adds a trusted login step.
Quick setup: Shows how to detect the Secure logon is not enabled misconfiguration in Vulnerability Manager Plus and provides the exact Group Policy steps to enforce it across endpoints by setting Interactive logon: Do not require CTRL+ALT+DEL to Disabled.
Frequently Asked Questions: Covers practical questions about Secure logon, including what Ctrl+Alt+Delete (Secure Attention Sequence) does, why it helps prevent spoofed logon prompts, how to verify it’s enabled on endpoints, how to enforce it using Group Policy, whether a reboot is required, and what to validate after applying the policy.

Detect secure logon is not enabled and similar misconfigurations quickly.

Spot Now

Introduction

Secure logon (Ctrl+Alt+Delete) adds a trusted step before a user can enter credentials on Windows. This key sequence is known as the Secure Attention Sequence (SAS), and it helps ensure the sign-in screen the user sees is the real Windows logon interface, not a fake prompt generated by malware or a spoofed application.

When Secure logon is not required, attackers can try to imitate the Windows sign-in experience and trick users into typing passwords into a look-alike screen. Enforcing Ctrl+Alt+Delete reduces this risk by requiring a sequence that typical applications cannot intercept, helping protect credentials from capture and improving overall logon hardening.

In enterprise environments, enabling Secure logon is a simple baseline control for interactive sign-ins. It is especially useful on shared workstations or devices that move across networks, where users are more likely to encounter unexpected prompts and where credential theft has a higher impact.

You can detect this misconfiguration (Secure logon (Ctrl+Alt+Delete logon) is not enabled) using Vulnerability Manager Plus. This misconfiguration comes under the category of Logon Security and has a Critical severity.

Quick Setup

To detect this misconfiguration:

Open the Vulnerability Manager Plus console and go to Threats---> System Misconfiguration, and you can see the detected misconfigurations list.
In the misconfiguration list, use the search box to type Secure and filter results to focus only on related findings.
Open the misconfiguration named Secure logon (Ctrl+Alt+Delete logon) is not enabled, confirm it matches the expected finding, and review the details to understand why it is flagged.
Check the affected endpoints list to identify which devices need a fix, then prioritize devices where the service is reachable and not required.
For each affected device, plan remediation to enable Secure logon and document the remediation goal.

To remediate the misconfiguration using Group Policy:

Open Local Group Policy Editor (gpedit.msc).
Navigate to Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options.
Locate Interactive logon: Do not require CTRL+ALT+DEL.
Set it to Disabled.
Apply the policy and run gpupdate /force (or restart) to enforce the change.

This remediation does not require reboot.

Scheduling reports keeps teams informed without needing to log in manually.

Refer to this page to know in detail more about misconfiguration hardening

Frequently Asked Questions

What is Secure logon (Ctrl+Alt+Delete)?

Secure logon is a Windows sign-in requirement that makes users press Ctrl+Alt+Delete before entering credentials. It adds a trusted step to confirm the sign-in screen is genuine.

What does Ctrl+Alt+Delete (Secure Attention Sequence) do?

Ctrl+Alt+Delete is the Secure Attention Sequence (SAS). It signals Windows to switch to a trusted security screen that normal applications cannot reliably imitate or intercept.

Why should Secure logon be enabled in an enterprise?

It helps prevent spoofed logon prompts and reduces the risk of credential theft by requiring a trusted action before users can type passwords, especially on shared or roaming devices.

What risks exist if Ctrl+Alt+Delete is not required at sign-in?

If Secure logon is disabled, attackers may attempt to present a fake Windows sign-in screen to trick users into entering credentials, increasing exposure to password capture and social engineering.

How can I verify whether Secure logon is enabled on a Windows device?

Check the policy setting Interactive logon: Do not require CTRL+ALT+DEL. If it is set to Disabled, Secure logon is enforced (Ctrl+Alt+Delete is required).

What is the exact Group Policy setting to enforce Ctrl+Alt+Delete?

In Group Policy, set Interactive logon: Do not require CTRL+ALT+DEL to Disabled. This enforces Secure logon across targeted machines.

Where is this setting located in the Group Policy Editor?

Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, then configure Interactive logon: Do not require CTRL+ALT+DEL.

Do users need to reboot after enabling Secure logon through GPO?

Typically, the setting applies after a Group Policy refresh and may take effect at the next sign-in. If it doesn’t apply immediately, run gpupdate /force and have users sign out and sign in again. A reboot may be needed in some environments.

Does enabling Ctrl+Alt+Delete affect Remote Desktop (RDP) sign-ins?

It primarily applies to interactive logons. For RDP sessions, the Secure Attention Sequence is handled differently (often via the RDP client), but enforcing Secure logon still strengthens the local interactive sign-in experience on endpoints.

What should I validate after applying the policy?

Confirm that users are prompted to press Ctrl+Alt+Delete before the password screen appears. Also verify the effective policy on endpoints and ensure the GPO is linked to the correct OUs and applied without conflicts.