Microsoft

Lock down your Windows Vista logon tight and then even tighter

It is possible to lock down a Microsoft Windows Vista logon procedure. In fact, it is possible to lock the procedure even tighter if you are concerned about security. Greg Shultz walks you through the steps necessary for locking down Vista tight and then even tighter.

Recently in the Windows Vista Report, I showed you how to work around having to manually log on to a Windows Vista system in your home: Bypass the Windows Vista's logon procedure. While this tip was intended for situations in which you're the only one who ever uses your Windows Vista system in your home, many readers disagreed with the idea of leaving a system unprotected.

In response to those concerns, I then followed up that article with a technique that still allowed the primary benefit of having your computer automatically boot up, but still use a password: Automatically log in to Vista and still be password protected.

In this edition of the Windows Vista Report, I've decided to go in the other direction and show you how to lock down a Windows Vista logon procedure. And, if the first technique isn't tight enough for you, then I'll show you how to lock it down even tighter.

In the first technique, you will have to press [Ctrl] + [Alt] + [Delete] before you can see the regular Welcome screen, click your icon and type in your password. In the second technique, you will press [Ctrl] + [Alt] + [Delete] to see an alternative Welcome screen in which you'll have to type in both your username and password.

The local security policy

In order to lock down Windows Vista's logon procedure, you'll need to alter the local security policy. To make these types of alterations, you'll need to launch and work from the Security Settings Extension snap-in. To do so, click the Start button, type "local security policy" in the Start Search box as shown in Figure A, and press [Enter]. When you do, you'll encounter a UAC dialog box and will need to respond accordingly.

Figure A

To access the Security Settings Extension snap-in, you'll type local security policy in the Start Search box
In a moment, you'll see the Security Settings Extension snap-in in a console window titled Local Security Policy, as shown in Figure B.

Figure B

The Security Settings Extension snap-in appears in a console window titled Local Security Policy

Requiring [Ctrl] + [Alt] + [Delete]

To require users to press [Ctrl] + [Alt] + [Delete] before they see the Welcome screen, locate Local Polices in the tree pane and expand that branch. Once you do, click on the Security Options branch. When you see a set of polices fill the right pane, scroll through them until you locate a policy called Interactive Login: Do not require CTRL + ALT + DEL. Double click that policy to access the dialog box and then select the Disabled option, as shown in Figure C.

Figure C

To require users to press [Ctrl] + [Alt] + [Delete], you'll select the Disabled option
To complete the operation, click OK, close Local Security Policy console, and reboot your system. When you're system reboots, you'll see the Welcome screen shown in Figure D. When you press [Ctrl] + [Alt] + [Delete] you'll see the regular Welcome screen and can select your user account picture and then type in your password as you normally would.

Figure D

The Welcome screen now requires that you have to press [Ctrl] + [Alt] + [Delete] to log on.

Requiring [Ctrl] + [Alt] + [Delete] and account credentials

If you wish to have an even more secure logon, you can return to the Security Options branch in the Security Settings Extension snap-in. This time when you see a set of polices fill the right pane, scroll through them until you locate a policy called Interactive Login: Do not display last user name. Double click that policy to access the dialog box and then select the Enabled option, as shown in Figure E.

Figure E

To require users to type both their user name and password, you'll select the Enabled option
To complete the operation, click OK, close the Local Security Policy console, and reboot your system. When you're system reboots, you'll see the Welcome screen shown earlier in Figure D. When you press [Ctrl] + [Alt] + [Delete] you'll see the Welcome screen shown in Figure F. As you can see, you'll have to type both your user name and your password in order to log on.

Figure F

After pressing [Ctrl] + [Alt] + [Delete], you'll have to type both your user name and your password

Get Vista tips in your mailbox!

Delivered each Friday, TechRepublic's Windows Vista Report newsletter features tips, news, and scuttlebutt on Vista development, as well as a look at new features in the latest version of the Windows OS. Automatically sign up today!

About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.

Editor's Picks

Free Newsletters, In your Inbox