HI,
If a system has two or more accounts like User1, User2, etc.
How to determine the user switch between the users?
Do we get any IRP/ event in kernel mode driver?
Is there any provision to detect the user switch in kernel mode?
Thanks
What OS do you want this for and why do you think you need to know when the user at the console is switched? Remember that there can be more than one active user, one at the console and one over TS, so the idea that the active user switches and there is only one active is incorrect.
What problem are you trying to solve?
d
Sent from my phone with no t9, all spilling mistakes are not intentional.
-----Original Message-----
From: xxxxx@gmail.com
Sent: Tuesday, March 31, 2009 6:19 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to determine the USER switch (User1 to User2) in Kernelmode Driver ?
HI,
If a system has two or more accounts like User1, User2, etc.
How to determine the user switch between the users?
Do we get any IRP/ event in kernel mode driver?
Is there any provision to detect the user switch in kernel mode?
Thanks
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
> How to determine the user switch between the users?
By user SID. SID may getting by process token:
- PsReferencePrimaryToken + ObOpenObjectByPointer (create HANDLE to token)
- ZwQueryInformationToken
SID from nt!_TOKEN_USER.User.Sid can be used to determine user
Why do you think that you need to do this? What about TS or runas scenarios where there are multiple logged on users?
- S
-----Original Message-----
From: xxxxx@gmail.com
Sent: Tuesday, March 31, 2009 06:18
To: Windows System Software Devs Interest List
Subject: [ntdev] How to determine the USER switch (User1 to User2) in Kernelmode Driver ?
HI,
If a system has two or more accounts like User1, User2, etc.
How to determine the user switch between the users?
Do we get any IRP/ event in kernel mode driver?
Is there any provision to detect the user switch in kernel mode?
Thanks
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
In addition, with Fast User Switching more interactive users session can
be running at once. One visible but apps/threads still running under
currently invisible ones.
It is possible to retrieve logon session (LogonId) from current process
and in turn distinguish IRP originator logon session.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
Sent: Tuesday, March 31, 2009 6:44 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to determine the USER switch (User1
to User2) in Kernelmode Driver ?Why do you think that you need to do this? What about TS or
runas scenarios where there are multiple logged on users?
- S
-----Original Message-----
From: xxxxx@gmail.com
> Sent: Tuesday, March 31, 2009 06:18
> To: Windows System Software Devs Interest List
> Subject: [ntdev] How to determine the USER switch (User1 to
> User2) in Kernelmode Driver ?
>
>
> HI,
>
> If a system has two or more accounts like User1, User2, etc.
> How to determine the user switch between the users?
> Do we get any IRP/ event in kernel mode driver?
>
> Is there any provision to detect the user switch in kernel mode?
>
> Thanks
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online
> at http://www.osronline.com/page.cfm?name=ListServer
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online
> at http://www.osronline.com/page.cfm?name=ListServer
>
> How to determine the user switch between the users?
Do we get any IRP/ event in kernel mode driver?
No for sure 
“User switch” is just a switch of what WinSta\desktop is really connected to the physical display/keyboard/mouse.
This is an internal thing for win32k, the kernel itself does not know (and does not care).
The kernel just sees many processes and threads running under several logon sessions, that’s all.
So, the approach of “detect user switch from the kernel” is flawed by design. Your kernel code should just work properly (succeed or properly fail) for any user starting apps.
Also, probably there is a WM_xxx message sent to the UI app on Fast User Switching, you can use it and notify the kernel driver from it.
Also note Remote Desktop, where you can have 1000 “current users”.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
Hi All,
Thanks for your reply.
I am working on Audio Driver development. Here is a scenario,
If a system has more than one user like User1, User2 , etc.
The system is in User1 and there a stream started playing in Windows Media player, if user take “Switch User” and go to User2 the stream should be stopped, its not happening.The stream is still playing after switching to User2.
I want to detect the user switch and destroy the stream in my audio driver, so that the stream wont play.If user switch back to User1 he will restart the stream manually.
I am working on Windows Vista and Win7 Platforms.
Please let me know how to get notified through USER switches. Do i need to register any handler for this / get any event/IRP ?
Thanks,
>>By user SID. SID may getting by process token: - PsReferencePrimaryToken + ObOpenObjectByPointer (create HANDLE to token) - ZwQueryInformationToken SID from nt!_TOKEN_USER.User.Sid can be used to determine user
This will not help, as windows also allows to run application with user other than the logged in. (run as)
So even though the second session is for user 2, I can still run an App with User 1 using run as.
@Ravinder Are
Kernel is not the place to handle this, you can handle this in a user mode App. see WM_QUERYENDSESSION with LPARAM, and when your App recieves it ask your driver to do stuff.
Thanks
Aditya
xxxxx@gmail.com wrote:
If a system has more than one user like User1, User2 , etc.
The system is in User1 and there a stream started playing in
Windows Media player, if user take “Switch User” and go to
User2 the stream should be stopped, its not happening.
The stream is still playing after switching to User2.
Perhaps this is something else you’re already taking into account, but
I’m not sure there would be a clear-cut assumption that “the stream
should be stopped”.
If the application that is controlling the audio playback isn’t
actually getting suspended during switch user (e.g. runs as a Windows
service, etc.), might the correct assumption of the user and
application designer be that whether the audio stops is up to the
application?
For example in WMP11 there is a configuration option “Stop playback
when switching to a different user”. Or perhaps I should say “was”;
its still there in the Windows XP machines I’m looking at, but I’m not
seeing that option or its replacement with WMP11 on Windows Vista.
Alan Adams
@Ravinder
it appears that WM_QUERYENDSESSION is not a proper choice for this. I used it for logoff notifications though. A search on google reveals this link.
http://msdn.microsoft.com/en-us/magazine/cc302210.aspx, search for WTSRegisterSessionNotification in this link. It should do the job.
Aditya
xxxxx@gmail.com wrote:
I am working on Audio Driver development. Here is a scenario,
If a system has more than one user like User1, User2 , etc.
The system is in User1 and there a stream started playing in Windows Media player, if user take “Switch User” and go to User2 the stream should be stopped, its not happening.The stream is still playing after switching to User2.I want to detect the user switch and destroy the stream in my audio driver, so that the stream wont play.If user switch back to User1 he will restart the stream manually.
No. As a driver, this decision is simply not for you to make. That’s
not the way things work. You, as a driver, render the packets that are
given to you. Now, if an application wants to stop the stream on a user
switch, that’s fine, but it’s strictly up to the application to make
that decision, NOT the driver.
Your driver merely offers services. It is the applications that decide
how to use those services.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
I *wish* Windows supported soundcard ownership option for a console session. This is very useful for FUS scenarios. When my juniors leave their darn AIM and/or MySpace open in their session, with those stupid sound notifications, and I just want to listen to some music without those interventions, I *wish* I could click a checkbox “mute sounds from other sessions” (and/or other processes of my session, too). For now, I have to RunAs Admin the Task Manager, and just kill the offending processes.
You could simply insist on having the ability to login as them and end
the app gracefully, instead of beheading them. I’m just saying …
Phil
Philip D. Barila
Seagate Technology LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@broadcom.com
Sent: Wednesday, April 01, 2009 3:17 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to determine the USER switch (User1 to User2) in
Kernelmode Driver ?
I *wish* Windows supported soundcard ownership option for a console
session. This is very useful for FUS scenarios. When my juniors leave
their darn AIM and/or MySpace open in their session, with those stupid
sound notifications, and I just want to listen to some music without
those interventions, I *wish* I could click a checkbox “mute sounds from
other sessions” (and/or other processes of my session, too). For now, I
have to RunAs Admin the Task Manager, and just kill the offending
processes.
See,
You definitely have to looking for application layer, not driver solution.
Windows kernel is multi session by architecture.
Microsoft closes multi-session using for Workstation and Home edition versions from marketing point of view. But all Windows version has the same Kernel and driver architecture is common.
Over more, my friend has built (commercial!) system which opens multi-session on Workstation and delivery even audio stream for few users together independently!
Session creation/closing are managed on application layer, not in the kernel…
Regards,
MG.
Subject: RE: How to determine the USER switch (User1 to User2) in Kernelmode Driver ?
From: xxxxx@gmail.com
Date: Wed, 1 Apr 2009 00:17:00 -0400 (EDT)
X-Message-Number: 1Hi All,
Thanks for your reply.
I am working on Audio Driver development. Here is a scenario,
If a system has more than one user like User1, User2 , etc.
The system is in User1 and there a stream started playing in Windows Media player, if user take “Switch User” and go to User2 the stream should be stopped, its not happening.The stream is still playing after switching to User2.
I want to detect the user switch and destroy the stream in my audio driver, so that the stream wont play.If user switch back to User1 he will restart the stream manually.
I am working on Windows Vista and Win7 Platforms.
Please let me know how to get notified through USER switches. Do i need to register any handler for this / get any event/IRP ?Thanks,
Dear All,
Thanks for your valuable comments and support.
I am not going to implement the scenario in my driver and leaving it to application.
Regards,
Ravinder Are