How does Windows decide what instructions to provide for unlocking the PC?

Raymond Chen

A customer reported that they had purchased a bunch of machines that purported to be identical, yet they showed different instructions on how to unlock the PC when the group policy is set that requires the secure attention sequence to log on. They wanted to know how Windows decides which message to show.

Okay, here’s how it works: The system goes through these scenarios in order, taking the first one that matches.

Condition Instructions
Has power button and volume-down button Power + Volume down. If a keyboard is attached, then also Ctrl+Alt+Del.
Has Windows key on bezel Windows + Power. If a keyboard is attached, then also Ctrl+Alt+Del.
Is a Tablet PC Ctrl+Alt+Del or Windows Security button.
Otherwise Ctrl+Alt+Del.

The system detects the power button by looking for HID usage page 1 (Generic: HID_USAGE_PAGE_GENERIC), usage 0x81 (System Control group, System Power Down: HID_USAGE_GENERIC_SYSCTL_POWER). The volume-down button is HID usage page 12 (Consumer: HID_USAGE_PAGE_CONSUMER), usage 0xEA (Audio group, Volume Decrement: HID_USAGE_CONSUMER_VOLUME_DECREMENT).

The Windows key on the bezel is detected by looking for it as a GPIO button. Here are some hardware details on how to set up the button. I hope that page makes sense to you, because I don’t understand it.

To help the customer figure out what the difference is between the systems, we recommended that they verify that the BIOS and drivers are the same version and are identically-configured. Because it’s the BIOS and drivers that have primary responsibility for reporting the chassis buttons.

6 comments

Comments are closed. Login to edit/delete your existing comments

  • Dan Bugglin 0

    There’s got to be a little more nuance here. Pretty sure Windows wouldn’t ask me to use the power button on my desktop PC case and the volume spinner on my keyboard at once to log in. 🙂 I guess it’s either looking for a non-keyboard Volume Down button or the power button on PC cases is considered a different kind of button than the one you’re talking about (I know some PC keyboards have a Power button).

  • AnĂ­bal Pozo Galán 0

    Hi, Raymond. I just wanted to say: thank you, your post ‘Hidden gotcha: The command processor’s AutoRun setting’ is old like hell but saved my day. Thank you!

    • Joshua Hudson 0

      FYI, I’m pretty sure the autorun should only be used to run SET commands. It seems kind of like having a .bashrc; put something stupid in there and you will have a bad day.

  • Peter Cooper Jr. 0

    I’m also very curious what goes into the “Is a Tablet PC” determination. My work laptop isn’t a “tablet” in any traditional sense of the word, though it does have a touchscreen, and I’m prompted to use “Ctrl+Alt+Del or Windows Security button,” even though I have no idea what this “Windows Security button” might be in this instance.

    • Raymond ChenMicrosoft employee 0

      “Tablet PC” was the marketing name for a specific class of PC. I’m surprised anyone makes them any more. My guess is that your manufacturer set the flag incorrectly in their device configuration. One of the features of the “Tablet PC” is that there was a dedicated “Secure Attention Sequence (Ctrl+Alt+Del)” button on the chassis.

      • Jorge Perez 0

        Doesn’t Panasonic still make them?

Feedback usabilla icon