Jerry's Incoherent Babbling

Vista Feb CTP contains service session 0 mitigation code. Cool!

If you're an IT Pro or a developer, you've probably taken an interest in the new session separation in Windows Vista. This is the new design in Windows Vista that moves users out of "session 0" and reserves session 0 for services and drivers. Unfortunately, this means that a common "shortcut" that many developers used to take no longer works. In the past, devs could simply pop stuff up from their services on "WinSta0\Default" and know that it would appear on your screen (as long as you weren't on a terminal server).

Now, though, Vista has introduced a very Terminal Server-like environment as a security enhancement. User sessions start with session 1 and will increment as you use "Switch User" or log off and on. Services, like the nulls that they are, still hang out in session 0 all by themselves. Services like Symantec's Anti-Virus product (and many others) will need to be rewritten to be able to pop UI up on the user's screen. Microsoft has seen that this can be a real problem for some vendors and even some LOB applications, so they have shimmed it in the most recent build of Vista (the Feb CTP or build 5308). For example, see what Vista now shows when SAV detects a virus and pops up their UI on session 0:

This allows the user to very easily access that session 0 info without exposing any other session 0 UI and without incurring a security risk. When I clicked "Check request...", I then got taken to a session 0 desktop like this:

Here, we can interact with the Symantec UI even though Symantec has not released a real Vista compliant version of their AV product yet. The same would hold true for services that your companies may have developed.

This seems to be a fairly elegant bridging technology to allow users' applications to still work, while being enough of a pain that their vendors will definitely hear about it, all the while maintaining the session separation and security.

Kudos to Microsoft for this design.
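To find out which services on a machine are likely to run into this, the following script (an added example, not part of the original post or any Microsoft tooling) lists services flagged "Allow service to interact with desktop" together with the session their process runs in. It assumes PowerShell 3.0 or later and uses only the built-in Win32_Service class and Get-Process.

```powershell
# Added example: inventory services that may depend on showing UI from session 0.

# Session of the user running this script. On Vista and later this is 1 or
# higher; on XP the first console user shares session 0 with services.
$mySession = (Get-Process -Id $PID).SessionId

$report = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $sessionId = $null
    if ($svc.ProcessId -gt 0) {
        # Stopped services report ProcessId 0, and a process can exit mid-scan.
        $proc = Get-Process -Id $svc.ProcessId -ErrorAction SilentlyContinue
        if ($proc) { $sessionId = $proc.SessionId }
    }
    [pscustomobject]@{
        Name            = $svc.Name
        State           = $svc.State
        Account         = $svc.StartName
        # DesktopInteract mirrors the SERVICE_INTERACTIVE_PROCESS type flag.
        DesktopInteract = [bool]$svc.DesktopInteract
        SessionId       = $sessionId
        PathName        = $svc.PathName
    }
}

"Current user session: $mySession"

# Services configured to draw on the interactive desktop. With session
# separation their windows land in session 0, not on the user's screen.
"Services flagged as interactive:"
$report | Where-Object { $_.DesktopInteract } |
    Sort-Object Name |
    Format-Table Name, State, Account, SessionId, PathName -AutoSize

# How running services are spread across sessions. With session separation
# in effect, every running service should be counted under session 0.
"Running services by session:"
$report | Where-Object { $null -ne $_.SessionId } |
    Group-Object SessionId |
    Select-Object @{ n = 'SessionId'; e = { $_.Name } }, Count |
    Format-Table -AutoSize
```

A service that opens the interactive window station itself in code will not carry the flag, so treat the first list as a starting point for review and not a complete inventory.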


Posted Feb 24 2006, 02:14 PM by Jerry

Comments

JonRobertson wrote re: Vista Feb CTP contains service session 0 mitigation code. Cool!
on 03-01-2006 12:37 PM
Since Terminal Services for NT was released, we've relied on the Session ID to determine whether a user was local or remote.

We had to make changes when WinXP Remote Desktop was implemented.

Now we'll have to make more changes when Vista is released.

Are there APIs available that will report whether a user is local or remote, without relying on the session ID?

Are there APIs available that will report whether a remote user is logged in via Remote Desktop vs Terminal Services?

I asked these questions previously on the msdn managed terminal services newsgroup, but I never got a useful answer.

Thanks
JonRobertson wrote re: Vista Feb CTP contains service session 0 mitigation code. Cool!
on 03-01-2006 12:42 PM
Also, our application is a client/server app that uses DCOM to expose our servers.  Previously, we have been unable to get a DCOM client running in session > 0 to connect to a DCOM server running in session 0.  DCOM always wants to launch another instance of the server in the user's session.  This is not what we want.

How will the changes for Vista affect such DCOM servers?  Will there be a way to resolve this in Vista for our application?  Is there a way to resolve it now with Windows 2000 or 2003?

Thanks again
kaiwai wrote re: Vista Feb CTP contains service session 0 mitigation code. Cool!
on 03-03-2006 3:43 AM
"Are there APIs available that will report whether a remote user is logged in via Remote Desktop vs Terminal Services?"

It shouldn't matter; Terminal Services would be treated the same as if you were logged in as a local user, and as for remote; same situation, it'll be using an existing open session - it's the equivalent of running VNC in an already running session, hardly something that exciting.

As for DCOM - look up Communication Foundation, which will be available for Windows 2003 and Windows XP (along with WinFX and a number of other technologies).

All the information is on their website, have a look.
JonRobertson wrote re: Vista Feb CTP contains service session 0 mitigation code. Cool!
on 03-03-2006 7:06 AM
For our product, Remote Desktop and Terminal Services are not treated the same.  It has to do with how we license our product to our users.  Therefore, it does matter to me.

Also, our application is Win32 and will be until 2010, I'd suspect.  The DCOM vs Terminal Services issue has been an issue since Terminal Services for Windows NT was introduced.  I was hoping with the changes to Terminal Services being made in Vista that it might finally be addressed.
Josh Phillips wrote re: Vista Feb CTP contains service session 0 mitigation code. Cool!
on 03-03-2006 11:17 AM
Jon,

I will see if I can get someone from MS to comment here for you.

Josh
Nick wrote re: Vista Feb CTP contains service session 0 mitigation code. Cool!
on 03-09-2006 5:11 PM