How to Enable or Disable Ctrl+Alt+Delete Secure Desktop for UAC prompt in Windows


When User Account Control (UAC) is enabled, Windows prompts for consent or prompts for credentials of a valid local administrator account before starting a program or task that requires a full administrator access token. This prompt ensures that no malicious software can be silently installed or run.

With the Always notify or Default UAC setting enabled, your desktop will be switched to the dimmed secure desktop when you get an elevation request by the User Account Control (UAC) prompt.

A user that is a member of the Administrators group can log on, browse the Web, and read e-mail while using a standard user access token. When the administrator needs to perform a task that requires the administrator access token, Windows 10 automatically prompts the user for Y/N approval. This prompt is called an elevation prompt for UAC consent prompt.

The user experience for standard users is different from that of administrators in Admin Approval Mode. The recommended and more secure method of running Windows 10 is to make your primary user account a standard user account. Running as a standard user helps to maximize security for a managed environment. With the built-in UAC elevation component, standard users can easily perform an administrative task by entering valid credentials for a local administrator account. The default, built-in UAC elevation component for standard users is the UAC credential prompt.

See also: How User Account Control works (Windows 10) | Microsoft Docs

If you like, you can enable a policy that requires users to press Ctrl+Alt+Delete when prompted by UAC to provide consent (administrators) or credentials (standard users) on the Secure Desktop by means of the trusted path mechanism for better security. This can prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials.

This tutorial will show you how to enable or disable requiring Ctrl+Alt+Delete Secure Desktop (aka: authentic Windows sign-in screen) for User Account Control (UAC) prompt for all users in Windows 7, Windows 8, or Windows 10.

You must be signed in as an administrator to enable or disable requiring Ctrl+Alt+Delete Secure Desktop for UAC prompt.


 CONTENTS:

  • Option One: Enable or Disable Ctrl+Alt+Delete Secure Desktop for UAC prompt in Local Group Policy Editor
  • Option Two: Enable or Disable Ctrl+Alt+Delete Secure Desktop for UAC prompt using a REG file



EXAMPLE: Ctrl+Alt+Delete Secure Desktop for UAC prompt
Enable Ctrl+Alt+Delete Secure Desktop for UAC prompt in Windows-ctrl-alt-del_secure_desktop_for_uac-1.png
Enable Ctrl+Alt+Delete Secure Desktop for UAC prompt in Windows-ctrl-alt-del_secure_desktop_for_uac-2.png
Enable Ctrl+Alt+Delete Secure Desktop for UAC prompt in Windows-ctrl-alt-del_secure_desktop_for_uac-3.png Enable Ctrl+Alt+Delete Secure Desktop for UAC prompt in Windows-ctrl-alt-del_secure_desktop_for_uac-4.png






OPTION ONE

Enable or Disable Ctrl+Alt+Delete Secure Desktop for UAC prompt in Local Group Policy Editor



The Local Group Policy Editor is only available in the Windows 7/8/10 Pro, Windows 7/8/10 Enterprise, and Windows 10 Education editions.

All editions can use Option Two below.

1. Open the Local Group Policy Editor.

2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

Computer Configuration\Administrative Templates\Windows Components\Credential User Interface

Enable Ctrl+Alt+Delete Secure Desktop for UAC prompt in Windows-ctrl-alt-del_secure_desktop_for_uac_gpedit-1.jpg

3. In the right pane of Credential User Interface in Local Group Policy Editor, double click/tap on the Require trusted path for credential entry policy to edit it. (see screenshot above)

4. Do step 5 (disable) or step 6 (enable) below for what you would like to do.


 5. To Disable Ctrl+Alt+Delete Secure Desktop for UAC prompt

A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)

Not Configured is the default setting.


 6. To Enable Ctrl+Alt+Delete Secure Desktop for UAC prompt

A) Select (dot) Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)

Enable Ctrl+Alt+Delete Secure Desktop for UAC prompt in Windows-ctrl-alt-del_secure_desktop_for_uac_gpedit-2.png

7. When finished, close the Local Group Policy Editor if you like.






OPTION TWO

Enable or Disable Ctrl+Alt+Delete Secure Desktop for UAC prompt using a REG file



The downloadable .reg files below will add and modify the DWORD value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI

EnableSecureCredentialPrompting DWORD

(delete) = Disable
1 = Enable


1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.


 2. To Enable Ctrl+Alt+Delete Secure Desktop for UAC prompt

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Enable_Ctrl+Alt+Del_Secure_Desktop_for_UAC_prompt.reg

Download


 3. To Disable Ctrl+Alt+Delete Secure Desktop for UAC prompt

This is the default setting.

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Disable_Ctrl+Alt+Del_Secure_Desktop_for_UAC_prompt.reg

Download

4. Save the .reg file to your desktop.

5. Double click/tap on the downloaded .reg file to merge it.

6. When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7. You can now delete the downloaded .reg file if you like.


That's it,
Shawn


Related Tutorials



  • Windows 11 Tutorials