Windows Vista, Server 2008, Windows 7 and Server 2008 R2 have several new security features that can make running services with FireDaemon Pro problematic.
User Access Control (UAC)
On Windows Vista, 2008 and 7, the FireDaemon Pro Service Manager program needs to run as an administrative user in order to be able to gain access to the Service Control Manager. When you install FireDaemon Pro, different executables are deployed that work around most of the UAC limitations. However, if UAC is enabled, some features of FireDaemon Pro no longer work or behave differently. These are specifically:
To restore this functionality, simply disable UAC. To do this run msconfig.exe from a command prompt. Go to the Tools tab and scroll down until you find Change UAC Settings. Click the Launch button and then reboot your computer. UAC will now be disabled! Hooray! The FireDaemon Pro installer gives you the opportunity to disable UAC during the installation process.
Session 0 Isolation and Interactive Services Detection Service
Windows Vista, 2008 and 7 isolate Windows services in Session 0 and runs all other user initiated applications in other sessions. This is to protect services from attacks that originate in application code. In Windows Server 2003 and earlier versions of Windows, all services run in Session 0 along with applications. For a detailed explanation of Session 0 Isolation refer to this article.
The effect of this change is that interactive services are no longer immediately visible when you install them. You can work around this by enabling and starting the Interactive Services Detection Service. The FireDaemon Pro installer does this for you by default, however, if you want to enable it yourself simply type the following two command at a command prompt:
sc config UI0Detect start= auto
net start UI0Detect
nb. UI0Detect is UI "zero" Detect.
Now when you run interactive services, you will see the Interactive Services Detection dialog popup. If you click on "Show me the message" you will be switched onto Session 0. NOTE: Only GUI based applications will trigger the popup. Console based applications will not trigger the popup. The two screen shots below illustrate this. It is also a good idea to make your services depend on the UI0Detect service. This means the UI0Detect will be up and running before your service is started and will prompt you to switch to the Session 0 desktop immediately.
After installation of an interactive service you will see the following popup:
When you click on "Show me the message" you will be switched to Session 0. For example:
Your mileage may vary but It is possible to actually launch a semi-sensible desktop back on Session 0. Use FireDaemon Pro to launch cmd.exe and then run Windows Explorer (c:\Windows\Explorer.exe) back on Session 0. Not everything works perfectly but you can now run your desktop as the SYSTEM account!