Why is Fast User Switching disabled for computers on a domain?

T

TerryW

Does anyone know why the Fast User Switching functionality is disabled when
logging into a domain? Or, is there a work-around? I can't see why
switching a user would be a security risk because there is no way to
cut/paste between sessions. Each session behaves like a virtual machine
from what I could see.

I have an account I use for work, and one I use for personal. (I'm a
consultant that must manage multiple accounts.)

If you look at WinXP's 'Help and Support', it simply states:

You must have a computer administrator account on a computer that is a
member of a workgroup or is a stand-alone computer to turn on or turn off
the User Fast User Switching feature. Fast User Switching is not available
on computers that are members of a network domain.


Any ideas?
 
P

pauly [MSFT]

Hi Terry,

It's a design limitation of the operating system. There is no workaround.

294737 Architecture of Fast User Switching
http://support.microsoft.com/?id=294737

280758 Fast User Switching Option Is Not Available
http://support.microsoft.com/?id=280758

294739 A Discussion About the Availability of the Fast User Switching
Feature
http://support.microsoft.com/?id=294739

279765 HOW TO: Use the Fast User Switching Feature in Windows XP
http://support.microsoft.com/?id=279765

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp

Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp

Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
(e-mail address removed)



--------------------
| From: "TerryW" <[email protected]>
| Subject: Why is Fast User Switching disabled for computers on a domain?
| Date: Wed, 14 Apr 2004 10:01:49 -0700
|
| Does anyone know why the Fast User Switching functionality is disabled
when
| logging into a domain? Or, is there a work-around? I can't see why
| switching a user would be a security risk because there is no way to
| cut/paste between sessions. Each session behaves like a virtual machine
| from what I could see.
|
| I have an account I use for work, and one I use for personal. (I'm a
| consultant that must manage multiple accounts.)
|
| If you look at WinXP's 'Help and Support', it simply states:
|
| You must have a computer administrator account on a computer that is a
| member of a workgroup or is a stand-alone computer to turn on or turn off
| the User Fast User Switching feature. Fast User Switching is not
available
| on computers that are members of a network domain.

| Any ideas?
 
B

Bruce Chambers

Greetings --

Because it's counter to the most basic domain security
precautions.

Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
E

Eduardo Francos

Bruce said:
Greetings --

Because it's counter to the most basic domain security
precautions.

Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
Click to expand...
If the environments of simultaneous users are effectively isolated from
each other then I see no intrinsic problem in allowing more than one
user to be logged in. IMHO either Microsoft's implementation of FUS does
not completely isolate the users or they have other (commercial?)
reasons to disable it.

Eduardo Francos
 
C

cquirke (MVP Win9x)

Because it's counter to the most basic domain security
precautions.
Click to expand...
[/QUOTE]
If the environments of simultaneous users are effectively isolated from
each other then I see no intrinsic problem in allowing more than one
user to be logged in. IMHO either Microsoft's implementation of FUS does
not completely isolate the users or they have other (commercial?)
reasons to disable it.
Click to expand...

Being designed to separate the FUS sessions and actually separating
the FUS sessions may not be the same thing - and having seen so many
attempts at "yes it's risky but we put in safeguards" fail, I'm happy
to see this not enabled if there are doubts.


-------------------- ----- ---- --- -- - - - -
Click to expand...
Tip Of The Day:
To disable the 'Tip of the Day' feature...
 
E

Eduardo Francos

cquirke said:
If the environments of simultaneous users are effectively isolated from
each other then I see no intrinsic problem in allowing more than one
user to be logged in. IMHO either Microsoft's implementation of FUS does
not completely isolate the users or they have other (commercial?)
reasons to disable it.
Click to expand...


Being designed to separate the FUS sessions and actually separating
the FUS sessions may not be the same thing - and having seen so many
attempts at "yes it's risky but we put in safeguards" fail, I'm happy
to see this not enabled if there are doubts.
[/QUOTE]

If their reason to disable it is the risk then I agree, better nothing
than something broken.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Fast user switching in domain environment 4
Fast User Account Switching 5
admin. log on from welcome sreen using fast user switching 2
Fast User Switching is disabled 8
Removing the domain from my laptop 1
restoring welcome screen/fast user switching 1
Allow non-admin to log off currently logged on user 1
How to get my administrative options back and enable fast user swi 1

Top