Ctrl+Alt+Del missing from Windows 8 Domain member

Posted on 2012-09-20
Last Modified: 2012-09-24

I am running Windows 8 Enterprise 64 bit. (RTM not a preview)
It is joined to a 2008 R2 Domain.
The Functional level of the domain is 2008 R2.
There have been no domain changes or GPO changes.
This is a new install of Windows 8.
Yes I can replicate the problem on other Windows 8 machines and VM.
The problem does not occur on any other Windows OS, just on 8.


When the computer boots to Windows 8, or the user returns from a Lock or Log Off, they are not prompted with the Ctrl+alt+del requirement. They simply click any key or the mouse button and they are prompted for password. This is only common to Windows 8 computers. All XP, 2003, 7, Vista, 2008, etc. systems on the domain require the Crt+alt+del key press.

In my research there is the ability to disable the ctrl+alt+del but no option to require it. (possibly setting the GPO to disabled rather than not defined, but why would that matter?) This is not the case in my domain, this GPO is set to not defined and all other flavors of Windows require the key press as expected. In my reading, any domain member, including Windows 8 systems, should require the key press out of the box. I should not have to change anything, just the fact it is a domain member should require this.

Anyone else see this behavior?
Any ideas on how to force the ctrl+alt+del on a Windows 8 Enterprise Domain member system?
This needs to be a domain wide solution, not a local edit.
Question by:rollnpc
    LVL 13

    Accepted Solution

    I think you may want to try setting the GPO setting to Disabled. It's possible that because it's new software, it may have a few bugs, perhaps one "change"/bug/"hidden feature"lol is that that gpo is inherently Enabled on Win 8 machines. Or possibly the flag that should enforce the Ctl-Alt-Del requirement isn't in force or working.

    Either way, try setting that GPO setting to disabled, and see if that works.

    After doing some googling, it seems that CTRL+ALT+DEL has had numerous adjustments, specifically when looking at tablet computing, as we know code is shared in a number of places, especially header files, where such constants are likely defined.

    I will update if i find more information

    Author Comment

    Thanks @themrrobert. This is an option that I have pondered. My concern here would be a policy applied across thousands of machines unnecessarily. I try to keep my root policies as light as possible, but if it must be it must be. In reading, it sounds like this is not normal behavior. It seems the ctrl+alt+del is expected on a domain member.

    Thanks for the answer and I will test it after the weekend and check back.
    LVL 13

    Expert Comment

    Yes I agree it definitely should require Ctrl Alt Del, but things don't always work as they should.

    Something to have prepared would be the results of
    gpresult /R
    this will tell you what policies are being applied as well as other information. Very useful in this situation, will help determine if policies are actually being applied at all like they should be.
    LVL 39

    Expert Comment

    by:Krzysztof Pytko
    This is strange but new feature. Remember that Windows 8 is developed not only for PCs :) Microsoft plans to take some tablet market and that's why you don't have to use CTRL+ALT+DEL to be prompt for password as tablets...

    have no this key combination :D They are touch screen devices and probably that was the plan to not use CTRL+ALT+DEL combination to re-logon

    that's all

    LVL 95

    Expert Comment

    by:Lee W, MVP


    Go to the User Accounts Control Panel


    click on "Manage User Accounts"


    In the window that appears, click the Advanced Tab (see image)


    In the bottom third of the Window with the Advanced tab, under Secure sign-in, place a check in the box to "Require users to press Ctrl+Alt+Delete"Requiring Secure Sign-in
    LVL 95

    Expert Comment

    by:Lee W, MVP
    You know, I missed the very last sentence of the question.

    Trying to determine what, if any group policy will make this adjustment for you.  If not, I strongly suspect it can be done with a registry edit that can be pushed out through script or group policy and the setting may be preserved on systems deployed via imaging (which, if you're using Enterprise, would most likely be the best way for you to deploy this!)

    Unfortunately, I may not have an answer until late tonight/tomorrow unless others I'm talking to chime in after they can test/check.  Philip?  :-)

    I will say I reviewed the list of group policies in 2012 and there does NOT appear to be one that specifically addresses this.
    LVL 38

    Expert Comment

    by:Philip Elder
    SBSComputers linked/Enforced GPO Settings
    Shown is the GPO setup we use for all of our deploys.

    Note that we use an OU structure that is either SBS based (MyBusiness --> Computers --> SBSComputers) or we structure our OUs similarly for our Stack deploys (SITES (if used) --> SiteComputers --> UserComputers or SITES --> SiteComputers --> ServerSystems).

    We do not create and link GPOs at the domain level if we can help it. The default Computers container is not where we leave any PC or member Server. The same is true for user accounts.

    With the shown settings Windows 8, 7, Vista, XP Professional/Business and up will require the CTRL+ALT+DEL to log on.

    We also set the user names to not show while the system is locked or when they do go to log on. It is an extra step for them but saves a someone/stranger scoping a logon by hitting the key strokes (BTDT).

    [EDIT] Sorry for the multiple edits. Still getting used to this new interface. :P


    Author Closing Comment

    I appears that the best/easiest way to accomplish this is to apply the GPO in the below manner:

    GPO Location = Computer > Policies > Windows Settings > Security Settings > Local Policies > Security Options

    Set the policy = "Interactive logon: Do not require CTRL+ALT+DEL" to to "Disabled"

    After a" gpupdate /force" or a reboot CTRL+ALT+DEL will be required.
    LVL 52

    Expert Comment

    2 cts: It has officially changed, yes. See the policy description.
    Default on domain-computers: Enabled: At least Windows  8/
    Disabled: Windows 7 or earlier.
    Default on stand-alone computers: Enabled.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Problem I recently had a lot of trouble with File Explorer hanging on my personal computer running Windows 8.1. It's important to note that this isn't Internet Explorer. This was happening when I attempted to access a local network location where I…
    No matter the version of Windows you are using, you may have some problems with Windows Search running too slow or possibly not running at all. Before jumping into how you can solve this issue, just know there are many other viable alternative deskt…
    In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
    The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now