The issue reported for version 3.0.7.208 about fast user switching under Windows XP Pro SP2 is still occurring in CPF 3.0.8.214. >:(
Only one user can use the computer. To switch, one needs to reboot. When trying to use this feature, the computer hangs while trying to log in the second user.
Hello caverne_man,
Maybe this issue could be solved by setting some Windows components to trusted mode using Defense+.
Are there by any chance some Defense+ log entries that could affect Fast User Switching?
Are you willing to follow a troubleshooting procedure to shed light on this issue?
Troubleshooting
Back up your current V3 configuration using Miscellaneous\Configuration Management Wizard
Import your V3 configuration backup, giving it a test name, using Miscellaneous\Configuration Management Wizard
Activate your test configuration using Miscellaneous\Configuration Management Wizard
Set all Windows components (userinit.exe, sethc.exe, control.exe, wscntfy.exe, mmc.exe, cisvc.exe, wuauclt.exe, wmiprvse.exe, wmiadap.exe, alg.exe, csrss.exe, svchost.exe, winlogon.exe, services.exe, ctfmon.exe, helpsvc.exe, helpctr.exe) to trusted in Defense+\Advanced\Custom Security Policy
Test Fast User Switching
Activate your V3 Default configuration using Miscellaneous\Configuration Management Wizard
Delete your V3 test configuration using Miscellaneous\Configuration Management Wizard
Thanks for sharing any info on this subject,
gibran
Thank you for your reply. I’ve done the following steps:
1/ exported config to the file “initial config” 290,816 bytes
2/ rebooted computer (to start from a clean system)
3/ imported config name: test - file “initial config”
4/ activate previously imported config: test
5/ Defense+/Advanced/Computer Security Policy: Change
csrss.exe, svchost.exe, services.exe, alg.exe, wmiprvse.exe, wuauclt.exe, ctfmon.exe, winlogon.exe, mmc.exe
The others were not found:
userinit.exe, sethc.exe, control.exe, wscntfy.exe, cisvc.exe, wmiadap.exe, helpsvc.exe, helpctr.exe
6/ tried fast switching: get the “computer locked by user…” message.
7/ Reboot, check the Computer Security Policy: winlogon.exe went back to “custom”. Logs indicate that Defense+ blocked a hook from winlogon.exe to MSCTF.dll
8/ When trying fast switching, goes to the user selection window, choose another user, enter password, start to login, then goes back to the user selection window.
I guess my winlogon.exe file is causing this problem …
Defense+ not keeping the winlogon trusted policy setting is surely a bad thing.
Maybe it’s possible to work around this by setting MSCTF.dll in the custom policy of winlogon (defense+\advanced\Computer security policy\Edit winlogon.exe\Windows\WinEvent Hooks\Add MSCTF.dll to Allowed Applications).
Maybe it’s worth adding C:\WINDOWS\system32\ctfmon.exe to Interprocess Memory Access.
Then reboot to try Fast User switching.
This could be a phase one step, because after unlocking those there could be another thing blocked later, so it’s worth checking the Defense+ log again.
I’ve added MSCTF.dll, ctfmon.exe and even logonui.exe in Defense+/advanced/Computer security policy/winlogon.exe/access rights/Interprocess memory access/modify/allowed applications.
Same behavior. The only change is now the log doesn’t show anything blocked.
I’ve tried to lower the Defense+ settings from “Learn Safe Only” to “Learn All”. It sort of works:
I can switch to another account, and switch back to the initial account, but when I try to log off, instead of getting the user selection window, I get a black screen with the HDD showing a periodical activity.