Secure Boot Settings

  • Thread starter Thread starter F5_Tech
  • Start date Start date
F

F5_Tech

I am looking for supporting documents from Microsoft that
Prove that Enabling Ctrl+Alt+Del for Logon makes windows
more secure. I am trying to get our network administrator
to see this point and enable this feature on all our
machines, but she wants some supporting documentation.
Can Anyone Help me?

Sincerely,

-R
Concerned IT Tech
 
The welcome screen can be used only in a non domain based infrastructure. So
I am assuming that you are using a workgroup based infrastructure. It is
disabled in a domain scenario.

This security advisory list possible problems with using the Welcome Screen

http://www.avet.com.pl/pipermail/bugdev/2003-March/002523.html

Note: This is not a supporting document from Microsoft.

I am providing this just to highlight the merits of using Ctrl-Alt-Del in a
workgroup environment - the risks highlighted in the advisory are mitigated
by not using the Welcome Screen.

I would also suggest that you evaluate using a domain based infrastructure
with AD to improve the security even further.


--
Rajkumar Mohanram [MSFT]
Windows Core Security

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
 
Try a 2x4 over the forehead, repeat as often as necessary.

Some wellknown politician (I forgot) once said that we are

entitled to our own opinions but not to our own facts.

The only time no logon is best is when the machine is
clamped down so hard it can only do what everyone is
allowed to - like a surfing kiosk in the lobby.
 
Hi F5_Tech,

"some supporting documentation"...

--------
Source: Windows 2000 Help
Topic titled: "To require pressing CTRL+ALT+DELETE before logging on"

<Begin Quote>
"Pressing CTRL+ALT+DELETE before logging on guarantees that the authentic
Windows 2000 logon prompt appears. Requiring the use of CTRL+ALT+DELETE increases
security and helps to thwart certain Trojan horse programs."
</End Quote>
--------

--------
Source: TechNet Home > Columns > Security > 5-Minute Security Advisor: 5-Minute
Security Advisor - Configuring Your Computer for Multiple Users
URL: http://www.microsoft.com/technet/columns/security/5min/5min-103.asp

<Begin Quote>
"Ctrl-Alt-Delete is a special key sequence that breaks out of any application
that might be running. This effectively prevents Trojan Horses from pretending to be
the logon screen and secretly recording your password information."
</End Quote>
--------

--------
Source: TechNet Home > Security > Hardening Systems and Servers - Checklists and
Guides > Threats and Countermeasures Guide: Chapter 5 - Security Options
URL: http://www.microsoft.com/technet/security/topics/hardsys/TCG/TCGCH05.asp

<Begin Quote>
"Interactive logon: Do not require CTRL+ALT+DEL <SNIP>
Vulnerability
<SNIP> Requiring CTRL+ALT+DEL before users log on ensures that
users are communicating by means of a trusted path when entering their passwords.

An attacker could install a Trojan horse program that looks like the standard Windows
logon dialog box and captures the user's password. The attacker would then be able to
log on to the compromised account with whatever level of privilege that user has."
</End Quote>
--------

--
Carrie Garth, Microsoft MVP for Windows 2000
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- c x g

: "F5_Tech" <raramirez AT rccfc DOT org>
: Wrote in message : Sent: Wednesday, September 10, 2003 4:30 PM
: I am looking for supporting documents from Microsoft that
: Prove that Enabling Ctrl+Alt+Del for Logon makes windows
: more secure. I am trying to get our network administrator
: to see this point and enable this feature on all our
: machines, but she wants some supporting documentation.
: Can Anyone Help me?
:
: Sincerely,
:
: -R
: Concerned IT Tech
 
Back
Top