What Is This Sorcery?

With the release of Windows 10 and Server 2016, Microsoft decided to block keyboard and mouse input on Session 0. So if you have an interactive Windows service running on Session 0, your keyboard and mouse will not work and you will not be able to interact with your application. For more information please refer to our comprehensive discussion on the matter. Additionally, with the release of Windows 10 1803 and Server 2019 Microsoft decided to remove the Interactive Services Detection Service entirely from the operating system.


So, behold, we created FireDaemon ZeroInput. This is a digitally signed kernel mode driver that restores the keyboard and mouse functionality on Session 0 on Windows 10, Server 2016, and Server 2019. The driver also removes the "blacked out" Session 0 desktop on Windows 10 and Server 2019. FireDaemon Zero works with FireDaemon ZeroInput and detects that the driver is present and gives you the ability to remain on Session 0 indefinitely (normally you would be kicked out after 30-seconds).


Warning and Disclaimer

By downloading and installing FireDaemon ZeroInput you fully acknowledge that this software modifies your Windows operating system in order to restore functionality that Microsoft has intentionally removed. As such, you now assume all risk and FireDaemon Technologies Limited will not be liable for any losses or damages as a result. If you have any doubt whatsoever in regard to the usefulness or fitness for purpose of this driver then please, do not use it. Additionally, FireDaemon Technologies Limited provides no warranty that ZeroInput will continue to work correctly with any future update to Microsoft Windows 10, Server 2016 or Server 2019 or any future Microsoft operating system.


What Does ZeroInput Cost?

Nothing. It's free. Please read the Warning and Disclaimer above.


Compatibility

This driver is for use with Windows 10, Server 2016, or Server 2019 only. It's not required to be deployed on any other version of Windows. Our deployment matrix summarises when and where you should deploy FireDaemon Zero and ZeroInput.


Test First Before Deploying

Per the Warning and Disclaimer above, we strongly recommend you try this driver in a disposable virtual machine or similar test environment first to ensure it works and meets your requirements prior to deploying into production.


Installation

Step 1 - Install Windows and / or Patch and Backup

  1. Optionally install Windows 10, Server 2016 or Server 2019
  2. Apply ALL Windows updates - everything
  3. Install your latest hypervisor support tools
  4. Ensure your operating system is fully backed up so that you can completely restore it.

Step 2 - Connect to the Console Session of your computer

Windows does not generally permit the installation of kernel-mode drivers on anything but the administrative console of your computer. This administrative console is defined as:

  • The physical desktop computer, laptop, tablet etc. to which a physical mouse and keyboard is connected
  • The console session available via a computer management gateway such as Dell iDRAC or HP ILO or equivalent
  • The virtual machine console session (i.e. the screen displayed when accessing the machine via VMware vSphere Client or equivalent)
  • The Administrative RDP session. To connect to this session type at an elevated command prompt:
    mstsc /v:<hostname> /admin

Step 3 - Download ZeroInput

Download FireDaemon ZeroInput 0.0.0.4

For 32-bit and 64-bit Microsoft Windows 10 Operating Systems

For 64-bit Microsoft Windows 2016 and 2019 Operating Systems

September 2020 - Free


NOTE: If you want to install ZeroInput via the command line with pnputil and are using Windows 10 1903 or later, download the "Reissue" version instead. There's no difference in the actual driver, just in the INF configuration. The "Reissue" version does not work with Server 2016 or 2019 as the INF installation directives are specific to Windows 10 1903 or later.


Step 4: Install the Driver

Please do the following:

  1. Ensure you are logged in as a local or domain administrator
  2. Unpack the downloaded ZIP file to a location of your choice
  3. Locate the architecture-specific ZIP files (i.e. x86 or x64) and unpack the one you need
  4. Locate the file FDUI0Input.inf, right-click on it and select Install
  5. Confirm the various UAC confirmation prompts
  6. The driver will be installed and the corresponding FDUI0Input service created automatically.
  7. You can also install the driver via an elevated command prompt as follows (see the Note above in Step 3):
    pnputil /add-driver FDUI0Input.inf /install


Step 5: Install FireDaemon Zero

If you have Windows 10 1803 or later or Server 2019 installed, the Interactive Services Detection Server (UI0Detect) binaries have been removed from the operating system. Hence, you must install FireDaemon Zero to allow you to switch desktop to Session 0. This step is optional on Server 2016 - however, managing Session 0 without FireDaemon Zero is painful. FireDaemon Zero enables interactive services system-wide, updates the UI0Detect service to work with the Zero task tray applet plus gives you an easy way to switch back and forth between your logged in user-session and Session 0.


Step 6: Install / Re-install Virtualisation Tools

If your operating system is virtualised please ensure you install or completely uninstall and re-install the corresponding helper tools (e.g. VMware Tools, Virtualbox Guest Additions etc.).


Step 7: Reboot and Confirm Installation is Successful

Now reboot your computer. FireDaemon Zero is ZeroInput aware. You can query the running state of the ZeroInput driver by typing the following at an elevated command prompt after your computer has rebooted:

cd c:\Program Files\FireDaemon Zero
FDUI0Control query --fdui0input-state


You should see the following output:

Input Driver Details
--------------------
Driver state: running
Status: Desktop switched

You should now be able to switch desktop to Session 0 and see your interactive FireDaemon Pro services running. Please be aware of the limitations associated with attempting to switch to Session 0 using RDP. These are covered in the FireDaemon Zero Release Notes.


FireDaemon Zero and ZeroInput running on Session 0


Removing The ZeroInput Driver

Complete the following steps:

  1. Login as a local or domain administrator
  2. Open an elevated command prompt.
  3. At the command prompt type:
    sc delete FDUI0Input

Then reboot your machine. This will ensure the existing driver has been unloaded from memory.


Upgrading the Driver From 0.0.0.3 to 0.0.0.4

If you upgrade to Windows 10 Version 2004 and have ZeroInput 0.0.0.3 installed, you will need to upgrade ZeroInput. ZeroInput 0.0.0.3 does not work with Windows 10 Version 2004. Do the following to upgrade:

  • Remove the driver per the step above
  • Install the driver per the instruction above from Phase 1 through Phase 6.


Manual UI0Detect Service Installation

Should you ever want to install the Interactive Services Detection Service (UI0Detect) manually follow these instructions. First, check to see if the UI0Detect service is present via the following command at an elevated command prompt. If the service does not exist you will get an "OpenService FAILED 1060" error.

sc query UI0Detect

To set up the Interactive Services Detection Service manually, do the following:

  1. Login in as a local or domain administrator
  2. Open an elevated command prompt.
  3. At the elevated command prompt type the following three commands to re-create the UI0Detect service.
    sc create UI0Detect start= auto type= own type= interact error= severe binpath= "C:\Windows\System32\winver.exe"
    sc sidtype UI0Detect unrestricted
    sc privs UI0Detect SeTcbPrivilege/SeAssignPrimaryTokenPrivilege/SeIncreaseQuotaPrivilege/SeDebugPrivilege

Note: In the sc create command - we have used winver.exe in the binpath. This is a "stub". sc.exe won't create the service if you supply an invalid binpath. When you install FireDaemon Zero the binpath is updated. Alternately, and if you are feeling really brave, copy over the UI0Detect.exe binary from an earlier version of Windows 10 or Server 2016 to C:\Windows\System32. Then adjust the binpath to read "C:\Windows\System32\UI0Detect.exe". If you do this you will be able to start the UI0Detect service and you should be able to switch desktop to Session 0 via the legacy Interactive Services popup.


Limitations

ZeroInput will not work if you enable VBS (Virtualization Based Security) HVCI (Hypervisor Enforced Code Integrity) on your machine. There's no workaround.


There's are numerous limitations regarding remote access to Session 0 via RDP. Please ensure you carefully review the FireDaemon Zero release notes prior to deploying ZeroInput.


Bugs? Issues? Feature Requests?

Tell us what you think! All feedback gratefully received!