Running FireDaemon Pro on Windows Vista, 2008 or Later
Previous Topic  Next Topic 

Windows Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, 8.1, Server 2012 R2, 10 and Server 2016 have several security features that can make running services with FireDaemon Pro challenging.

User Access Control (UAC)

The FireDaemon Pro Service Manager program needs to run as an administrative user in order to be able to gain access to the Service Control Manager. When you install FireDaemon Pro, different executables are deployed that work around most of the UAC limitations. However, if UAC is enabled, some features of FireDaemon Pro no longer work or behave differently. These are specifically:

To restore this functionality, simply disable UAC. To do this run msconfig.exe from a command prompt. Go to the Tools tab and scroll down until you find Change UAC Settings. Click the Launch button and then reboot your computer. UAC will now be disabled. The FireDaemon Pro installer gives you the opportunity to disable UAC during the installation process.

Session 0 Isolation and Interactive Services Detection Service

Since Windows Vista, Windows services are run in Session 0 and all other user initiated applications in other sessions. This is to protect services from attacks that originate in application code. In Windows Server 2003 and earlier versions of Windows, all services run in Session 0 along with applications. For a detailed explanation of Session 0 Isolation refer to this article.

The effect of this change is that interactive services are no longer immediately visible when you install them. You can work around this by enabling and starting the Interactive Services Detection Service. The FireDaemon Pro installer does this for you by default, however, if you want to enable it yourself, type the following two command at a command prompt:

sc config UI0Detect start= auto

net start UI0Detect

NB. UI0Detect is UI "zero" Detect.

On Windows 8 / Server 2012 or later, Interactive Services are disabled system wide by default. This means the Interactive Services Detection Service may fail to run. To resolve this simply use the Registry Edit and look for the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows. Then change the value NoInteractiveServices from 1 to 0. Note that the FireDaemon Pro retail installer takes care of setting this registry value for you during product installation.

Now when you run interactive services, you will see the Interactive Services Detection dialog popup. If you click on "Show me the message" you will be switched onto Session 0. NOTE: Only GUI based applications will trigger the popup. Console based applications will not trigger the popup. The two screen shots below illustrate this. It is also a good idea to make your services depend on the UI0Detect service. This means the UI0Detect will be up and running before your service is started and will prompt you to switch to the Session 0 desktop immediately.

After installation of an interactive service you will see the following popup:

When you click on "Show me the message" you will be switched to Session 0. For example:

Your mileage may vary but it is possible to actually launch a semi-sensible desktop back on Session 0 . Use FireDaemon Pro to launch cmd.exe and then run Windows Explorer (c:\Windows\Explorer.exe) back on Session 0. Not everything works perfectly but you can now run your desktop as the SYSTEM account! This works well on Windows 7 or 2008 R2. On Windows 8 / 2012 or later - this technique doesn't work at all and you will need to use our Session 0 Viewer instead.