Menu
I know this question has been asked a few times and in a few different ways. However, across all the questions and answers, no one has been able to answer completely given my situation...
I work on medical devices and they run Windows. The application runs as the shell, users shouldn't be able to get behind the application, and ideally they wouldn't be able to do anything that indicates that the system is running Windows. Access to the full keyboard is necessary so disabling, damaging or remapping keys is not a solution. Given that, we need to disable SAS/CAD/Ctrl+Alt+Delete in specific; some others too, but those are easy with hooks.
Up until recently we've been using Windows XP Embedded and could replace GINA, but we're about to switch to Windows 7 (technically Windows Embedded Standard 7; but in our case they're essentially the same) and GINA is no longer an option. There must be a way to do this.
Since I've seen comments about this on other questions: I do believe this belongs on Stack Overflow. Replacing GINA is a programming question and there's no reason to assume this won't be too. While I'm open to a non-programming solution, I doubt MS would make this kind of change available in the registry, etc.
941
1. Press the Win+R keys to open Run, type netplwiz, and click/tap on OK. 2. Click/tap on the Advanced tab, and check (on) or uncheck (off) the Require users to press Ctrl+Alt+Delete box under Secure sign-in for what you want set, and click/tap on OK.
Control + Alt + Delete is a powerful key combination to terminate a running program/task or restart a computer/Windows device. Blocking this key combination becomes crucial when your Windows 7 or Windows 8 device is being used as a kiosk. SureLock blocks this key combination with its Keyboard Filtering feature.
Using the Keyboard: Press Ctrl, Alt and Del at the same time. Then, select Lock this computer from the options that appear on the screen.
Except for remapping/disabling keys, it is not possible to prevent Ctrl + Alt + Delete handling outside of kernel level code. I think this is fundamental security design feature of windows NT (and all derivatives). (Reasoning here.)
I would suggest writing a custom keyboard filter or device driver (or looking for an existing one perhaps). Not an easy task, but doable. Example resources:
That first link to the Elbacom blog, in particular, could be useful since you are also targeting windows 7 embedded.
The second link, to Interception, is newer and might also be quite useful. It provides the kernel level module and abstracts some of the handling.
As a possible alternative, consider that though you can't disable the Ctrl + Alt + Delete hook without a device driver/filter, you can prevent all of the tasks that are accessible via that hook per changes to registry or with group policy editor. A previous edit of this answer linked to a utility called "Tweak Ctrl-Alt-Del Options" that made it very easy to disable all activities accessible via Ctrl-Alt-Del. That utility is no longer available from the original source, but is still find-able and there are others like it.
129
You can disable CAD through group policy: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon set this value to 1.
or, through the advanced user accounts menu:
Open the Start Menu.
In the search line, type netplwiz and press Enter.
Click on the Advanced tab.
To Enable Secure Log On A) Check the Require users to press Ctrl+Alt+Delete box. NOTE: If the setting is grayed out, then see OPTION THREE or OPTION TWO below.
B) Go to step 6. 5. To Disable Secure Log On A) Uncheck the Requires users to press Ctrl+Alt+Delete box. NOTE: If the setting is grayed out, then see OPTION THREE or OPTION TWO below. 6. Click on OK.
41
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
