Robert McLaws: Windows Edition

Blogging about Windows since before Vista became a bad word

User Account Control, Windows CardSpace, and the Secure Desktop

Wanna know why you desktop grays out with User Account Control and Windows CardSpace under Windows Vista? Or why you can't click on any of the windows behind a UAC prompt? Well, both technologies are built on top of the Secure Desktop, which also powers the Logon screen and what you see when you give your computer the three-fingered salute. Secure Desktop runs in an entirely separate process from Explorer.exe (the Windows Shell), and uses a number of programming techniques that make it extremely difficult to plug into.

The end result is when UAC prompts you do do something, you're actually not on your desktop anymore. You're in a process that no other application can get in front of to fake you out. To ensure that the user isn't shell-shocked by the change, Secure Desktop takes a picture of the desktop as it was just before the prompt appeared, applies a gray shading, and then uses that picture as the Secure Desktop background. That's why you can't click on any of the windows behind the dialog either: they're not actual windows, just a picture of what you were previously doing.

So there you have it. Secure Desktop at a glance. You can read more about it on Microsoft TechNet.

PostTypeIcon
13,524 Views

Comments

  • PatriotB said:
    A minor nitpick... CardSpace doesn't actually use "the" secure desktop. It *does* create its own desktop object, for security purposes, but it's not the same one that ctrl+alt+delete uses.

    Interestingly, the ability to create private desktops has been around since NT 3.51. It's interesting to see CardSpace taking advantage of this ability.
    July 25, 2006 11:54 PM
  • User Account Control, Windows CardSpace, and the Secure Desktop - Robert McLaws: Windows Edition

    January 17, 2015 10:36 AM