Date: November 21, 2003 / year-entry #138
Tags: history
Orig Link: https://blogs.msdn.microsoft.com/oldnewthing/20031121-00/?p=41743
Comments: 30
Windows XP added a new feature called Fast User Switching which lets you switch between users without having to log off. But this feature is disabled if your computer is joined to a domain. Why? There were several reasons, none of them individually insurmountable, but they added up to quite a lot of work for something IT administrators weren't even sure they wanted. (See a previous entry on retraining costs.)
Those of you who have gotten Longhorn can see that Fast User Switching is now enabled on domains. New infrastructure needed to be developed to enable the feature on domains without ruining the domain administrators' lives.
Comments (30)
This is total OT. Could you do something with your page? I mean make it HTML & CSS compliant? I think someone like you should be totally aware of negative effects of not following standards…
Yippie! One more reason not to run as "Administrator" (fast user switching makes switching to an "Administrator" account to do things like install software easier).
It is one of the things I miss more at my dev machine at work from my devplay machine at home….
I was under the impression that it was because services running over SMB/NETBEUI had a one computer/one user assumption built-in.
If only there was more granularity as to what a regular user and an administrator can do on XP home…
Like the anon above, I too have XP pro at work and XP home at home. The fast switching is excellent. I haven’t seen much need for it at work though. People here typically use VMware rather than another account on the same box.
I don’t control the framing HTML the blog server generates. I just upload blog entries and it injects them into the frame. (Okay I also control the CSS file which is how I can set the goofy colors.) What noncompliance is causing problems? Maybe it’s something within my control (but I doubt it).
Regarding the CSS, I can’t speak for Mr. Sznajder, but the div header and H3 entryTitle filters always get me an unwelcome ActiveX automation security question. However, after answering No, I always get a very readable page.
Ah that’s coming from the gradient effect. Apparently the IE folks now believe gradients to be a security risk so it prompts you. Should I remove the gradient, folks? I kind of like it.
There is no gradient in Mozilla and I would have never known it is in the style until this discussion. Thus I don’t get any warning either.
There’s something I don’t get. Why is fast user switching tied to the user list version of the welcome screen? When you’re running a domain, it doesn’t present the big friendly list, it just gives you a log-in dialog where you type in your user name and password. So why couldn’t the "Switch user" option just have taken you back to the login dialog, where you could enter a different domain user account and password?
FUS could have been great for testing different locale settings, but since it’s not supported on domains I can’t use it at work.
As I noted in the entry itself, it was technically feasible but would have been a lot of work to get right [I listed only two of the problems]; it was a simple matter of not enough time/resources. (Making changes to the classic logon UI is a particularly risky endeavour since winlogon is a super-critical system process.) And as I also noted, there *is* enough time/resources to do this for Longhorn.
Uh, this may be a stupid question, but why does the XP welcome screen try to log you in? And is there no way that it can be turned off?
Because it would be ugly to prompt the user for their password when they don’t have one!
The other problem you face with FUS in a domain situation is when someone FUSs away from their user (goes home for the day), and someone uses that machine, but when the user returns, they return to a different machine (hot desking maybe) – how do you manage that? None of it’s simple.
My use of ‘Fast User Switching’ : Software translation help ! My XP Pro is in English but I installed French as well (MUI). When I need to update the translation of my app from English to French, I often come to wonder how a usual term is translated by MS. Quick switch to another user purposely set up with French UI and I have my answer in seconds !
BTW: Yes, I’m a native French speaker. But we do develop UI in English first because of international audience. And since I’ve always used an English Windows, I’m not familiar with common computer terminology in my own language !
I’m sure folks who designed the fast user switching didn’t think of that use ;-)
Not having the ability to use FUS on domains was a great bummer when I first saw XP.
But another even worse bummer is that "offline folders" don’t work together with FUS (I would really like to use an admin account and a user account and switch between both without closing all open applications and browser windows, but I need offline folders, too). This was also the case with Windows Server 2000 (enabling Terminal Services silently removed the offline-folders tabs and menu entries from the GUI), where I once wondered why that feature was suddenly gone.
I would really like to ignore whatever problems MS sees in enabling offline folders and FUS together and would use ANY hack to force it to be enabled, but I don’t know any.
I guess that the feature was removed because it is not clear which user accesses the offline folders.
At an expo someone from MS promised that offline folders and Terminal Services would work together in Windows Server 2003, but they don’t.
Glad to hear that in Longhorn these stupid limitations will finally be gone. It is really bad if XP has several great features, but you find out that you only can enable one of them, not all. Nothing can be more disappointing about an operating system!
It would be cool if you could add more points/problems to the list in your post. This is the first time I read something about these limitations and more details would be great.
Regarding the new logon-screen:
Try this: Enter a wrong password in the new GUI. Then hit Ctrl+Alt+Del twice. Now look at the two input fields of the traditional GINA: They are filled out.
Looks like the developers of XP were totally afraid of changing anything in GINA and they just glued some kind of decorating frontend over it. I think the logonui.exe can even crash without any problems.
Kind of strange way to develop things. Of course it has its advantages, but it also feels "not right".
Hearing that logonui will even try to log you in with an empty password is strange, too!
I hope that Longhorn will clean out a lot of the mess that is hidden inside Windows layers and layers of compatibility. Many areas have a great design, but there is a lot of dirt hidden inside Windows.
What I would like to see is something we could perhaps call "Slow User Switching"; that you could lock the workstation using Ctrl-Alt-Del, and when pressing the secure attention sequence again, you get the choice of unlocking one of the existing sessions or if you want to logon with a new session (including another session for the same user), i.e. the unlock and logon dialog that resides on the WinLogon desktop should be merged into one.
Please do disable anything which causes an ActiveX control request. I wouldn’t know whether you’re using a gradient or not. Site pops up an ActiveX control request, I say no. Or, if I really want something, I look at every piece of code on the site before saying yes, so I can be sure of which controls I’m granting permission to use. A pain even when the administrator kill bit is usually set for the most common ad engine, Flash. Usually, ActiveX requests are a quick way to the Restricted Sites zone. Such is life with a grossly untrustable interface.
Additionally, why is it that FUS has to be disabled when using a non-MS GINA? The drivers for my wireless LAN card (Cisco Aironet 350) install a GINA to support LEAP, which breaks (among other things) FUS.
Of course, it doesn’t help that my laptop is joined to a domain either. =)
"The drivers for my wireless LAN card (Cisco Aironet 350) install a GINA to support LEAP, which breaks (among other things) FUS."
The Cisco 350 driver installs a replacement GINA, but it doesn’t need it unless your LEAP password is tied to your login password. Look in this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and rename the GinaDLL value name with a different name. That did the trick for me!
Unfortunately, I think the last time I tried this I couldn’t authenticate with the network at all… so maybe it is needed.
Thanks anyway!
"How do you show all the users on the domain in the Welcome screen? You certainly don’t want a list with 10,000 names in it. (Scroll scroll scroll.)"
No, you simply have a system where you let the user enter their username. That is, the LOGIN: prompt. But prettier. Is this so impossible to contemplate? Has none of you guys seen a Unix box?
Charles, your point would be much better if you hadn’t chosen to focus on one particular piece of information to the exclusion of everything else. Raymond has said, twice, that those were not the only two problems, but just an example of the problems involved. See his comment from 11/21/2003 at 12:06 PM on this page. If you’re going to try and be glib and/or insulting, which is how I perceive that comment, you’ll have to do a better job.
"Look in this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and rename the GinaDLL value name with a different name. That did the trick for me!"
Tried this but wasn’t able to log in to XP after. Had to boot up in safe mode, go back into the registry and change the winlogin value back to CSGina.dll. Incidentally it was a Cisco VPN client that disabled the FUS. Oh well to FUS no mess.
I was really hoping that simultaneous console/remote usage would be a new feature of XP in SP2, but it looks like we’ll have to wait until Longhorn. I can understand why they wouldn’t want to alter the GINA, but it would be a *really* nice feature to have. Oh well – I guess I’ll hold on until 2007, or until somebody hacks the LOGONUI.EXE process. :)
Or buy a nice copy of Windows 2003 Server….
Considering he only gave two reasons, both of which are pretty vague, I think this entry was totally useless. Someone above said "Charles, your point would be much better if you hadn’t chosen to focus on one particular piece of information to the exclusion of everything else". That’s laughable, considering "everything else" was "it was too hard for us to do." How is this actually useful?
This was not meant to be a comprehensive list. The primary reason was the last sentence: To get Fast User Switching to work on domains would have required more infrastructure than there was time to implement.
I’m going to close commenting on this entry now that it’s over six months old.