This is actually good news, security-wise. I'm just worried about services that will break.
From the latest Windows Hardware news:
In Microsoft Windows XP, Windows Server 2003, and earlier versions of the Windows operating system, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents looking for a means to elevate their own privilege level.
The Windows Vista operating system mitigates this security risk by isolating services in Session 0 and making Session 0 noninteractive. In Windows Vista, only system processes and services run in Session 0. The first user logs on to Session 1, and subsequent users log on to subsequent sessions. This means that services never run in the same session as users' applications and are therefore protected from attacks that originate in application code.
What might be affected by this change? Possibly:
• Any applications or drivers that are installed as services.
• Any drivers that are loaded within operating system services.
• Any processes running in Session 0 (such as printer drivers or UMDF drivers).
For example, if a device installer running in Session 0 creates a dialog box that requires user input to continue, the device installation never completes because the user does not see the dialog box. From the user's perspective, the device installer appears hung.
Other areas that might be affected include interprocess communication and assumptions about display resolution and the namespace that contains named objects.
What should you do in your drivers?
• Use a client/server mechanism such as remote procedure call (RPC) or named pipes rather than window messages to communicate with applications.
• Implement any user interface using WTSSendMessage or CreateProcessAsUser.
• Query display properties in the user's session, not in Session 0.
• Explicitly choose either the Local\ or Global\ namespace for any named objects.
• Test the driver in Windows Vista to ensure that it runs properly. If that is not possible, test the driver in Windows XP with Fast User Switching enabled and multiple users logged on.
For more details, please read: Impact of Session 0 Isolation on Services and Drivers in Windows Vista
-Annie Pearson
for the WHDC team
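The hung-installer case and the WTSSendMessage advice above, as an added example that is not part of the original notice or Microsoft's code: a service checks its own session before showing any UI and routes the prompt to the console user's session. The names `choose_ui_route` and `prompt_user` are hypothetical; the Windows-only part needs `wtsapi32.lib` and `user32.lib`.

```c
/* Added example: decide how a service or installer may reach the user. */
#include <stdint.h>
#include <wchar.h>

#define NO_CONSOLE_SESSION 0xFFFFFFFFu /* WTSGetActiveConsoleSessionId(): nobody attached */
typedef enum { UI_DIRECT, UI_VIA_WTS, UI_NONE } ui_route_t;

/* Hypothetical helper. my_session: session of the calling process;
   console_session: session currently attached to the physical console. */
ui_route_t choose_ui_route(uint32_t my_session, uint32_t console_session)
{
    if (my_session != 0)
        return UI_DIRECT;   /* already in a user session: normal windows work */
    if (console_session == NO_CONSOLE_SESSION)
        return UI_NONE;     /* nobody to ask: log and use defaults, never block */
    return UI_VIA_WTS;      /* Session 0: hand the prompt to the user's session */
}

#ifdef _WIN32
#include <windows.h>
#include <wtsapi32.h>

/* Hypothetical wrapper: returns the button pressed (IDOK, IDTIMEOUT, ...) or 0. */
DWORD prompt_user(wchar_t *title, wchar_t *text, DWORD timeout_seconds)
{
    DWORD mine = 0, response = 0;
    DWORD console = WTSGetActiveConsoleSessionId();
    if (!ProcessIdToSessionId(GetCurrentProcessId(), &mine))
        return 0;
    switch (choose_ui_route(mine, console)) {
    case UI_DIRECT:
        return (DWORD)MessageBoxW(NULL, text, title, MB_OK);
    case UI_VIA_WTS:
        /* Lengths are in bytes. With bWait TRUE, a nonzero timeout (seconds)
           keeps the service from waiting forever on an absent user. */
        if (WTSSendMessageW(WTS_CURRENT_SERVER_HANDLE, console,
                            title, (DWORD)(wcslen(title) * sizeof(wchar_t)),
                            text, (DWORD)(wcslen(text) * sizeof(wchar_t)),
                            MB_OK, timeout_seconds, &response, TRUE))
            return response;
        return 0;
    default:
        return 0;
    }
}
#endif

int main(void) { return choose_ui_route(0, 1) == UI_VIA_WTS ? 0 : 1; }
```

Anything richer than a message box belongs in a helper process started in the user's session with CreateProcessAsUser, talking to the service over RPC or a named pipe.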