In this blog post i will discuss how to disable the policy option “Do not require CTRLALTDEL”. TO do this, i will create a custom device configuration profile in intune and use the ” LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL” Policy CSP to set the policy back to disabled.
This policy currently only provides you with two options, “Enable” & “Not configured”.
If the policy has been previously enabled and now has a requirement to be disabled, setting it to not configured does not disable the setting, but rather sets it as “Not configured” for all computers yet to receive the policy.
You can read more about this policy here “Interactive logon: Do not require CTRL+ALT+DEL“
For more information about the Policy CSP that we will use, you can find that here.
- Log in to the intune portal in azure https://portal.azure.com
- For the message title, go to Intune, then Device configuration, then Profiles, Create Profile, give the profile a name, select Windows 10 and later for the Platform, and select Custom for the Profile type. Then click Configure.
- Click on Add – then give it a name
- Now for the settings
- OMA-URI: ./Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL
- Data Type: Integer
- Value: String
- Click on “OK” a few times and then click create.
- Now all thats required is to assign the configuration profile to an assignment group and we are done.
Sync the machine with intune, you should immediately see the effects. You can also open gpedit.msc and under Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options, we can see the settings.
Thank you for reading!