It is not possible to intercept the CTRL-ALT-DELETE keyboard sequence in a user mode application. The "limitation" is intentional and is designed to stop applications spoofing the logon process. In short, the system is superior for not allowing it (it's more serure). See this link to learn about the
SAS[
^].