User Account Control, or just UAC is a part of the Windows security system which prevents apps from making unwanted changes on your PC. For extra security, you may want to enable an extra Ctrl + Alt + Del dialog when prompted by UAC.
Since Windows Vista, Microsoft added a new security feature called User Account Control (UAC). It tries to prevent malicious apps from doing potentially harmful things on your PC. When some software tries to change system-related parts of the Registry or the file system, Windows 10 shows an UAC confirmation dialog, where the user should confirm if he really wants to make those changes. Usually, the apps that require elevation are related to the management of Windows or your computer in general. A good example would be the Registry Editor app.
Enabling the extra Ctrl + Alt + Del prompt can help to prevent a Trojan horse or other malware from stealing your Windows credentials. Here is how it looks:
Note: Over an RDP connection, you will be prompted to press Ctrl + Alt + End instead.
To enable the Ctrl+Alt+Del prompt for UAC in Windows 10, do the following.
- Open Registry Editor.
- Go to the following Registry key:
If you do not have such a key, then just create it.
- Here, create a new 32-bit DWORD value EnableSecureCredentialPrompting. Note: Even if you are running 64-bit Windows, you still need to use a 32-bit DWORD as the value type.
Set it to 1 to enable the extra Ctrl + Alt + Del dialog.
- To make the changes done by the Registry tweak take effect, you need to restart Windows 10.
Later, you can delete the EnableSecureCredentialPrompting value to disable the prompt.
To save your time, I made ready-to-use Registry files. You can download them here:
Using Local Group Policy Editor
If you are running Windows 10 Pro, Enterprise, or Education edition, you can use the Local Group Policy Editor app to configure the options mentioned above with a GUI.
- Press Win + R keys together on your keyboard and type:
- Group Policy Editor will open. Go to Computer Configuration\Administrative Templates\Windows Components\Credential User Interface. Enable the policy option Require trusted path for credential entry as shown below.