Services and Session Zero in Vista and Windows Server 2008

If you've been running vista you might have come across this message: "A program can't display a message on your desktop" with the options to show the message or remind you later.  So what's the deal with this?

Gone over in detail in this doc, its because services that runs in session0 run separately from the user’s session and therefore can't display popups directly to the user.

Windows Vista isolates services in Session 0 and runs applications in other sessions, so services are protected from attacks that originate in application code. In Windows Server 2003 and earlier versions of Windows, all services run in Session 0 along with applications, which poses a security risk because services run at elevated privilege and therefore are targets for malicious agents who are looking for a means to elevate their own privilege level.

The popup itself is Windows Vista playing nice with legacy services that send user interaction dialog boxes to session zero instead of the corresponding user session, this is called the "interactive service detection service".  This workaround will be removed from the next version of Windows, at which time all applications and drivers must handle Session 0 isolation properly.

Proving that Microsoft devs are smart (IMHO), on a TS server in LH, these popups will only be displayed to the administrative sessions and not to the user sessions that are present on the TS server.

The whitepaper linked above has what devs should be doing these days to take into account this isolation.

BTW have you checked out the latest refresh of Windows Live Writer?  You should.

 

Technorati tags: windows Server 2008, Vista, Longhorn