Here's a new one



  • Just when you think you've seen every possible Windows error dialog...

    Click "Why does this happen"...

    That's a pretty long-winded way to say "*shrug* just does sometimes, dunno".

    If I click "show message" it takes me to a UAC-style alternate desktop with a dialog from LANDesk on it. LANDesk is the horrible software the French Overlords put on all our computers to make sure we aren't pirating Office and to make sure Windows is sufficiently bogged-down with crap. I couldn't take a screenshot of this, so you'll have to use your imagination.



  • Information FORM you? In any event, quite odd.



  • @Power Troll said:

    Information FORM you? In any event, quite odd.

    I bet someone at Microsoft has a great story of what kind of weird-ass hacky-shit some POS software is doing to make this necessary.



  • @Interactive Services Detection said:

    Only one user at a time can view these messages.

    Correct me if I'm wrong, but isn't Windows pretty much a single-user system (in the sense that only one person can be actively logged in and using the system)? Yes, I know that you can log in as multiple people, but even then only one person can use the system. No? Regardless, why the hell would only one person be able to see the message? That to me seems like a WTF in and of itself.



  • @dohpaz42 said:

    @Interactive Services Detection said:
    Only one user at a time can view these messages.

    Correct me if I'm wrong, but isn't Windows pretty much a single-user system (in the sense that only one person can be actively logged in and using the system)?

    Nope. XP and up have "Fast User Switching", and of course the server versions have always allowed multiple interactive logins. A lot of badly-written third party software breaks, though...

    @dohpaz42 said:

    Regardless, why the hell would only one person be able to see the message? That to me seems like a WTF in and of itself.

    Probably has something to do with it being on an alternate desktop? Honestly I don't know.



  • It's a service trying to call MessageBox and passing MB_SERVICE_NOTIFICATION. You're not supposed to do it and the desktop changes introduced in Vista added new security hoops to jump through to successfully display a message like this. For backwards compatibility Microsoft added the dialog you see instead of simply breaking misbehaving applications. This page describes what the application should do instead and why it's a bad idea.



  • It also appears when an "interactive service" tries to display anything.  Interactive services are a slightly different bad idea.  Or rather, the same bad idea, but with more enthusiasm behind it.



  • @Abso said:

    Or rather, the same bad idea, but with more enthusiasm behind it.

    This turn of phrase entertained me greatly. I shall add it to my repertoire.



  • @blakeyrat said:

    I couldn't take a screenshot of this, so you'll have to use your imagination.

    You could have laid down the monitor on a nearby wood table and taken a picture with a camera.



  • @blakeyrat said:

    a dialog from LANDesk

    Arrrgh! LANDesk! (shudder) The software with that revolting yellow animated marquee which scrolls the remote machine's desktop within it, turning remote control of a PC into a video game? YUK.



  • Have to admit, not a very user friendly solution, but when I recall what happens on a Win2003 terminal server in the same situation (the "oldest" terminal server session just gets the window displayed on its desktop. While the process is associated to the SYSTEM user it may appear on a desktop of an unprivileged user. And if badly written, the user may send hotkeys or custom window messages to the window (since it is on his desktop) and end up with a file open dialog running with SYSTEM privileges - now just search for cmd.exe, right-click->run and you have pwned the terminal server), this solution with a separate desktop for the stray window and switching to it via UAC is at least a whole lot more secure.



  • Any window on a Windows desktop, up until Windows Vista, could talk to any other window, no matter which user owned it, no matter whether it was two WinWord windows chatting or a Web browser talking to the Core of the System. It was a massive security vulnerability accessible by anyone just sitting at the machine, and Microsoft's official response at the time to these "shatter attacks" was "Uh, yeah, it's *supposed* to do that. It's in the documentation. What are you, nuts?"

    The problem is that people sitting at the physical box (or the first person to log in, if using Fast User Switching) used a special Remote Desktop session called Session 0, which all the highly-privileged service programs, driver programs, et cetera used too. Since all those windows ended up on the same desktop, they could all talk to one another, which means a service running under the auspices of having full control over the system, if it dared display a window, could be hijacked into doing whatever an attacker wants, even if the attack is launched from a lowly Java applet on a limited user account. But hardware manufacturers' driver writers are lazy, so they had their high-privilege code pop up windows since inter-process communication is "hard" and popping up windows is "safe". Well, obviously not.

    In Windows Vista and up, *only* high-privileged services run in Session 0, and users logging in to the machine start at Session 1 and up. This keeps the wrongly-written services safe from harm by programs running as more limited users, but as a side-effect makes it so that whatever cutesy bullshit window they were trying to display never shows up anywhere, ever. Which made quite a few "value-added software" providers cry. So in Windows Server 2008 and Windows 7 and up, there's something called the "Interactive Services Detection Service", which lets administrators know when something's popped something up. It's somewhat carefully worded to give the finger to people who keep writing services that do this (seriously, open a network connection or named pipe and write your own god damned desktop application!) but since those things still exist, this is the compatibility tool.

    @blakeyrat said:

    @dohpaz42 said:
    Regardless, why the hell would only one person be able to see the message? That to me seems like a WTF in and of itself.
    Probably has something to do with it being on an alternate desktop? Honestly I don't know.
    You're Fast-User-Switching to the Local System account's session, and only up to one user can be connected to a session at a time.
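
Added example, not part of any post in this thread: a PowerShell audit that lists the services on a machine still configured as "interactive services", the kind that trigger the Interactive Services Detection dialog discussed above. It assumes the standard Windows registry locations and the service name `UI0Detect` for the detection service; neither is named in the thread.

```powershell
# Added audit example, not code from the thread. Run elevated on Windows.
$SERVICE_INTERACTIVE_PROCESS = 0x100   # flag bit in each service's Type value

# 1. Services configured to interact with the desktop (the pattern the thread criticises).
$interactive = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DesktopInteract } |
    ForEach-Object {
        $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
        $type = (Get-ItemProperty -Path $key -Name Type -ErrorAction SilentlyContinue).Type
        [pscustomobject]@{
            Name       = $_.Name
            Account    = $_.StartName      # LocalSystem here is the worst case
            State      = $_.State
            StartMode  = $_.StartMode
            FlagInType = [bool]($type -band $SERVICE_INTERACTIVE_PROCESS)
            Path       = $_.PathName
        }
    }

# 2. System-wide switch: a nonzero value stops services from being started as interactive.
$ctl = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows' `
        -Name NoInteractiveServices -ErrorAction SilentlyContinue

# 3. The compatibility service behind the dialog (may not exist on newer Windows releases).
$ui0 = Get-Service -Name UI0Detect -ErrorAction SilentlyContinue

[pscustomobject]@{
    InteractiveServices   = @($interactive)
    NoInteractiveServices = if ($ctl) { $ctl.NoInteractiveServices } else { 'not set' }
    UI0DetectStatus       = if ($ui0) { "$($ui0.Status) / $($ui0.StartType)" } else { 'not installed' }
} | Format-List

# Per-service detail, grouped by the account each service runs as.
$interactive | Sort-Object Account |
    Format-Table Name, Account, State, StartMode, FlagInType -AutoSize
```

Each service listed is a candidate for the rework the post recommends: move the UI into an ordinary desktop application in the user's session and have it talk to the service over a named pipe or socket.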



  • @blakeyrat said:

    A lot of badly-written third party software breaks, though...
     

    I guess this issue joins the crapton of stuff sacrificed on the altar of the great god Backwards Compatibility.



  • A simple patch of the terminal services DLL allows you to have multiple people logging in via remote desktop at the same time as a local user using the machine. Yes it violates the license agreement, but a lot of people simply don't care. 

