brasimr
asked on
Problem with "Disable CTRL+ALT+DEL Requirement for Logon" policy
Hello,
We have a number of Win2K3 servers joined to domain at various customer locations. A reboot with autologon is performed monthy. (Due to a specific application the autologon is unavoidable). At some of the customer locations, the autologon does not work as required: CTRL+ALT+DEL is required to be pressed. Once entered, the rest of the autologon process will work correctly. This is not an option, since nobody is available to press the keys when the reboot occurs. This has only been an issue with Win2k3 servers joined to a domain.
I am assuming this is due to the "Disable CTRL+ALT+DEL requirement for logon" policy being Disabled on the servers. I would like to verify this before going back to the local admins to change the policy. However, I am unable to duplicate the behavior in testing. I have tried enabling/disabling the policy in Local Security Settings, as well as adding the DisableCAD registry key and adjusting the setting there. No matter what I set, or in what combination, I have never duplicated the problem case: i.e. the server reboots, sits waiting at the logon prompt, CTRL+ALT+DEL is pressed, then the logon continues. In every test, the autologon proceeds all the way through without requiring the keystrokes.
So my questions are 1) Am I looking at the correct policy, and 2) When setting up the test case, why does the autologon NOT require ctrl+alt+del to be pressed when the "Disable CTRL+ALT+DEL requirement for logon" policy is set to Disabled? I have tried on both Windows 2003 and 2000. Unfortunately I am only able to test on Workgroup members. A domain controller is not available at present. Will the policy only work correctly on a Domain member?
Thank you.
We have a number of Win2K3 servers joined to domain at various customer locations. A reboot with autologon is performed monthy. (Due to a specific application the autologon is unavoidable). At some of the customer locations, the autologon does not work as required: CTRL+ALT+DEL is required to be pressed. Once entered, the rest of the autologon process will work correctly. This is not an option, since nobody is available to press the keys when the reboot occurs. This has only been an issue with Win2k3 servers joined to a domain.
I am assuming this is due to the "Disable CTRL+ALT+DEL requirement for logon" policy being Disabled on the servers. I would like to verify this before going back to the local admins to change the policy. However, I am unable to duplicate the behavior in testing. I have tried enabling/disabling the policy in Local Security Settings, as well as adding the DisableCAD registry key and adjusting the setting there. No matter what I set, or in what combination, I have never duplicated the problem case: i.e. the server reboots, sits waiting at the logon prompt, CTRL+ALT+DEL is pressed, then the logon continues. In every test, the autologon proceeds all the way through without requiring the keystrokes.
So my questions are 1) Am I looking at the correct policy, and 2) When setting up the test case, why does the autologon NOT require ctrl+alt+del to be pressed when the "Disable CTRL+ALT+DEL requirement for logon" policy is set to Disabled? I have tried on both Windows 2003 and 2000. Unfortunately I am only able to test on Workgroup members. A domain controller is not available at present. Will the policy only work correctly on a Domain member?
Thank you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Run "gpresult /v" to inspect what policies are really applied after the modification.
ASKER
Ryan,
I'm a newbie to this site and not sure what to do at this point. I would consider the question partially resolved, in that it appears a few of the responders are confirming my question about which policy is involved. I do not have an answer for the second part, concerning why I cannot duplicate the behavior on a test network. I apologize for leaving the question open. Please advise how to proceed. And thanks to those who posted suggestions.
I'm a newbie to this site and not sure what to do at this point. I would consider the question partially resolved, in that it appears a few of the responders are confirming my question about which policy is involved. I do not have an answer for the second part, concerning why I cannot duplicate the behavior on a test network. I apologize for leaving the question open. Please advise how to proceed. And thanks to those who posted suggestions.
ASKER
I'm still confused about the second question, though. I'm trying to duplicate the original problem on a test server (CTRL+ALT+DEL is required) then change the local policy and verify it no longer requires the CTRL+ALT+DEL for the autologon to work. But I can never get it to require the keys. Even when I explicity set the policy to require, it does not require the keys.