Security Settings
What is it?
This page describes two Windows local security policies required for OpCon RPA to interact with the Windows Credential Provider. These settings allow OpCon RPA to perform foreground task execution and session management on Windows 2008 and later.
Windows 2008 and later security settings for Credential Provider
Two security settings are required for foreground execution. These settings allow OpCon RPA to interact with the Windows Credential Provider, which is necessary for session management when a task runs.
1. Do not require CTRL+ALT+DEL
To make interactive logon work in Windows 2008 and later, you must disable SAS (Secure Attention Sequence).
Steps
To disable SAS, complete the following steps:
-
Open Administrative Tools > Local Security Policy.
-
Go to Local Policies > Security Options.
-
Find the policy Interactive logon: Do not require CTRL+ALT+DEL.
-
Set it to Enabled.
Details
This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
- Enabled: A user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
- Disabled: The user is required to press CTRL+ALT+DEL before logging on to Windows.
Defaults:
| Environment | Default |
|---|---|
| Domain-computers (Windows 8 and later) | Enabled |
| Domain-computers (Windows 7 or earlier) | Disabled |
| Stand-alone computers | Enabled |
2. User Account Control: Admin Approval Mode for the Built-in Administrator Account
To communicate with the Credential Provider, disable this setting.
After applying this setting, the computer must be rebooted.
Steps
To disable Admin Approval Mode for the built-in Administrator account, complete the following steps:
- Open Administrative Tools > Local Security Policy.
- Go to Local Policies > Security Options.
- Find the policy User Account Control: Use Admin Approval Mode for the built-in Administrator account.
- Set it to Disabled.
Details
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
- Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege prompts the user to approve the operation.
- Disabled (Default): The built-in Administrator account runs all applications with full administrative privilege.
FAQs
Why does OpCon RPA need these security settings? The settings allow OpCon RPA to interact with the Windows Credential Provider for session management during foreground task execution.
Do I need to reboot after changing the Admin Approval Mode setting? Yes. After applying the Admin Approval Mode change, the computer must be rebooted.
Which Windows versions do these settings apply to? Windows 2008 and later.
Glossary
| Term | Definition |
|---|---|
| Credential Provider | The Windows component that handles user credentials at logon. |
| SAS (Secure Attention Sequence) | The CTRL+ALT+DEL key combination Windows uses to start a trusted path for user authentication. |
| Admin Approval Mode | A User Account Control mode that requires the built-in Administrator account to approve elevated operations. |