SCMe3c42d144ae94f3eacc8e77e97145b0a

Monitor_SCMe3c42d144ae94f3eacc8e77e97145b0a (UnitMonitor)

When this setting is configured to Enabled, users are not required to use the CTRL+ALT+DEL key combination to log on to the network.

Knowledge Base article:

External

http://go.microsoft.com/fwlink/?LinkId=243138

Element properties:

Target

Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security

Parent Monitor

System.Health.ConfigurationState

Category

Alert

Enabled

True

Alert Generate

True

Alert Severity

Error

Alert Priority

Normal

Alert Auto Resolve

True

Monitor Type

Microsoft.KnowledgeServices.Library.PowerShellMonitorEx

Remotable

True

Accessibility

Public

Alert Message

Interactive logon: Do not require CTRL+ALT+DEL

<Details>
<Content>This policy setting determines whether users must press CTRL+ALT+DEL before they log on. If you enable this policy setting, users can log on without this key combination. If you disable this policy setting, users must press CTRL+ALT+DEL before they log on to Windows unless they use a smart card for Windows logon. A smart card is a tamper-proof device that stores security information.

Consideration:
Microsoft developed this feature to make it easier for users with certain types of physical impairments to log on to computers that run Windows. If users are not required to press CTRL+ALT+DEL, they are susceptible to attacks that attempt to intercept their passwords. If CTRL+ALT+DEL is required before logon, user passwords are communicated by means of a trusted path. An attacker could install a Trojan horse program that looks like the standard Windows logon dialog box and capture the user's password. The attacker would then be able to log on to the compromised account with whatever level of privilege that user has.

Impact:
Unless they use a smart card to log on, users will have to simultaneously press three keys before the logon dialog box will display.

Recommendation:
Configure the Disable CTRL+ALT+DEL requirement for logon setting to Disabled.

Group Policy Path:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL</Content>
<CollectedInformation>
<Info>
<Name>Recommended Value</Name>
<Value>Disabled</Value>
</Info>
<Info>
<Name>Actual Value</Name>
<Value>{0}</Value>
</Info>
</CollectedInformation>
</Details>

RunAs

Default

Comment

SupportTopic=TBD;VersionNumber=1.0.0.1;

Source Code:

<UnitMonitor ID="Monitor_SCMe3c42d144ae94f3eacc8e77e97145b0a" Comment="SupportTopic=TBD;VersionNumber=1.0.0.1;" Accessibility="Public" Enabled="true" Target="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="KnowledgeServicesLibrary!Microsoft.KnowledgeServices.Library.PowerShellMonitorEx" ConfirmDelivery="true">

  <Category>Alert</Category>

  <AlertSettings AlertMessage="MonitorMessagee3c42d144ae94f3eacc8e77e97145b0a">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/Property[@Name='ActualValue']$</AlertParameter1>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>

    <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Error"/>

  </OperationalStates>

  <Configuration>

    <ScriptName>SCMe3c42d144ae94f3eacc8e77e97145b0a.ps1</ScriptName>

    <Parameters>

      <Parameter>

        <Name>ActualValue</Name>

        <Value>$Target/Property[Type="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security"]/InteractivelogonDonotrequireCTRLALTDEL$</Value>

      </Parameter>

    </Parameters>

    <ScriptBody><Script>





param($ActualValue)



$ErrorActionPreference = "Stop"



# Set up the arguments

$scriptargs = new-object psobject

$scriptargs | add-member NoteProperty "ActualValue" $ActualValue



# Set up the output

$global:scriptoutput = new-object psobject

$scriptoutput | add-member NoteProperty "ActualValue" ""

$unit = $null

$valueToFriendlyName = $null

$valueToFriendlyName += @{"" = "[Setting Not Present]"}

$valueToFriendlyName += @{"0" = "Disabled"}

$valueToFriendlyName += @{"1" = "Enabled"}



function AdvisorRule($scriptargs, $scriptoutput)

{

	$ActualValue = $scriptargs.ActualValue



	if ($unit -ne $null)

	{

		$scriptoutput.ActualValue = $ActualValue + $unit

	}

	else

	{

		$scriptoutput.ActualValue = $valueToFriendlyName.$ActualValue

	}

}



AdvisorRule $scriptargs $scriptoutput



# set the output

$mom = new-object -comobject "MOM.ScriptAPI"

$bag = $mom.CreatePropertyBag()



if ($scriptoutput.ActualValue -ne $null)

{

	$bag.AddValue("ActualValue", $scriptoutput.ActualValue)

}



$bag



</Script></ScriptBody>

    <SnapIns/>

    <TimeoutSeconds>300</TimeoutSeconds>

    <Schedule>14403</Schedule>

    <ErrorExpression>

      <SimpleExpression>

        <ValueExpression>

          <Value Type="Integer">$Target/Property[Type="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security"]/InteractivelogonDonotrequireCTRLALTDEL$</Value>

        </ValueExpression>

        <Operator>NotEqual</Operator>

        <ValueExpression>

          <Value Type="Integer">0</Value>

        </ValueExpression>

      </SimpleExpression>

    </ErrorExpression>

    <SuccessExpression>

      <Not>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <Value Type="Integer">$Target/Property[Type="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security"]/InteractivelogonDonotrequireCTRLALTDEL$</Value>

            </ValueExpression>

            <Operator>NotEqual</Operator>

            <ValueExpression>

              <Value Type="Integer">0</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </Not>

    </SuccessExpression>

  </Configuration>

</UnitMonitor>