A Windows Vista forum. Vista Banter


Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)

The multi-desktop kludge for process isolation



 
 
  #1 (permalink)  
Old November 1st 06, 08:28 PM posted to microsoft.public.windows.vista.security
Roof Fiddler

In Vista, if I want to ensure that two processes can't read each other's
files, then I have to run those processes as separate users. This would be
practical if I could mix different users' processes' windows on one desktop,
in order to have ready access to them all. So why can't I do this? Why do
all of the windows for each user have to be isolated onto per-user desktops,
with the desktops switched among using FUS?

  #2 (permalink)  
Old November 2nd 06, 04:44 PM posted to microsoft.public.windows.vista.security
Jimmy Brush

Hello,

You can mix different users' windows onto one desktop using the runas command
line tool.

- JB

  #3 (permalink)  
Old November 3rd 06, 05:16 PM posted to microsoft.public.windows.vista.security
Roof Fiddler

"Jimmy Brush" wrote in message
...
> Hello,
>
> You can mix different users' windows onto one desktop using the runas
> command line tool.


Excellent! Thank you.

But I've already run into one problem: I got cmd, calc, and notepad to run
successfully as another user, but when I try explorer, nothing starts. After
runas gets the password, displays the standard 'Attempting to start explorer
as user "machine\foo" ...', and returns, nothing else happens; explorer
doesn't start.
No error message is given.

BTW, how secure is the process isolation? If I run a program simultaneously
as two different users on the same desktop, what communication paths are
available by default for these two processes to communicate with each other?
(I ask because I want to be able to ensure isolation even while assuming
that the processes will try any means possible to communicate with each
other.) Is it possible to prevent each one from knowing that the other one
is even running?

Also, I don't suppose it's possible to move a currently open window (running
either as the current user or as another user) to another user's desktop...

  #4 (permalink)  
Old November 5th 06, 10:20 AM posted to microsoft.public.windows.vista.security
Jimmy Brush

snip
> but when I try explorer, nothing starts.

Unfortunately, explorer does not allow itself to be run in the context of a
different user. I'm not aware of the technical (or non-technical) reasons
why.

snip
> BTW, how secure is the process isolation?


I do not believe processes running on the same desktop are isolated in any
special way (even if they are running in the context of another user),
except for the isolation involved through UAC. If one program is running as
a standard user and another program is running as an administrator, then UAC
enforces this separation.

The application can interact with the other windows on your desktop, since
it belongs to the same desktop; however, it runs from the user and security
context of the other user (it only has access to the objects that the other
user does, and when it accesses say HKEY_CURRENT_USER it is talking to the
other user's registry hive).

Windows running in the same desktop have many means of communication with
each other - they can use the clipboard and send window messages to each
other, not to mention use the lines of communication that are available to
any program regardless of desktop (named/unnamed pipes, sockets, shared
memory, etc).

> Is it possible to prevent each one from knowing that the other one is even
> running?


Not that I am aware of.

> Also, I don't suppose it's possible to move a currently open window
> (running either as the current user or as another user) to another user's
> desktop...


My understanding is that once a window is created it is permanently attached
to the desktop in which it was created.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/
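
An added example, not part of the thread or written by its posters: a PowerShell audit that lists processes in the current logon session running under a different account than the interactive user (for instance, started with runas) and flags those with a top-level window visible from the calling desktop, where the clipboard and window-message channels mentioned above apply. It assumes Windows PowerShell 3.0 or later; processes whose owner cannot be read without elevation are skipped.

```powershell
# Added example (not from the thread): find other-account processes that share
# this logon session, and mark those with a window on the calling desktop.

# Account and session of the shell running this audit.
$me        = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$sessionId = (Get-Process -Id $PID).SessionId

Get-CimInstance Win32_Process -Filter "SessionId = $sessionId" | ForEach-Object {
    # GetOwner fails (non-zero ReturnValue) for processes we may not query.
    $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
    if ($owner -and $owner.ReturnValue -eq 0) {
        $account = '{0}\{1}' -f $owner.Domain, $owner.User

        # String comparison in PowerShell is case-insensitive by default.
        if ($account -ne $me) {
            # MainWindowHandle is non-zero only if a visible top-level window
            # of that process can be enumerated from the current desktop.
            $p = Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue
            [pscustomobject]@{
                ProcessId = $_.ProcessId
                Name      = $_.Name
                Account   = $account
                HasWindow = [bool]($p -and $p.MainWindowHandle -ne [IntPtr]::Zero)
            }
        }
    }
} | Sort-Object Account, Name | Format-Table -AutoSize
```

Rows with HasWindow set to True are the processes whose windows sit alongside the interactive user's own; the other channels listed in the post (pipes, sockets, shared memory) do not depend on a window and are not covered by this check.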

 



