How does Windows decide what instructions to provide for unlocking the PC?

Raymond Chen

A customer reported that they had purchased a bunch of machines that purported to be identical, yet they showed different instructions on how to unlock the PC when the group policy is set that requires the secure attention sequence to log on. They wanted to know how Windows decides which message to show.

Okay, here’s how it works: The system goes through these scenarios in order, taking the first one that matches.

Condition Instructions
Has power button and volume-down button Power + Volume down. If a keyboard is attached, then also Ctrl+Alt+Del.
Has Windows key on bezel Windows + Power. If a keyboard is attached, then also Ctrl+Alt+Del.
Is a Tablet PC Ctrl+Alt+Del or Windows Security button.
Otherwise Ctrl+Alt+Del.

The system detects the power button by looking for HID usage page 1 (Generic: HID_USAGE_PAGE_GENERIC), usage 0x81 (System Control group, System Power Down: HID_USAGE_GENERIC_SYSCTL_POWER). The volume-down button is HID usage page 12 (Consumer: HID_USAGE_PAGE_CONSUMER), usage 0xEA (Audio group, Volume Decrement: HID_USAGE_CONSUMER_VOLUME_DECREMENT).

The Windows key on the bezel is detected by looking for it as a GPIO button. Here are some hardware details on how to set up the button. I hope that page makes sense to you, because I don’t understand it.

To help the customer figure out what the difference is between the systems, we recommended that they verify that the BIOS and drivers are the same version and are identically-configured. Because it’s the BIOS and drivers that have primary responsibility for reporting the chassis buttons.