FireDaemon ZeroInput

TABLE OF CONTENTS

What Is ZeroInput?

With the release of Windows 10 and Server 2016, Microsoft decided to block keyboard and mouse input on Session 0. So if you have an interactive Windows service running on Session 0, your keyboard and mouse will not work and you will not be able to interact with your application. For more information please refer to our comprehensive discussion on the matter. Additionally, with the release of Windows 10 1803 and Server 2019 Microsoft decided to remove the Interactive Services Detection Service entirely from the operating system.


So, behold, we created FireDaemon ZeroInput. This is a digitally signed kernel-mode driver that restores the keyboard and mouse functionality on Session 0 on Windows 10, Windows 11, Server 2016, Server 2019, and Server 2022. The driver also removes the "blacked out" Session 0 desktop. FireDaemon Zero works with FireDaemon ZeroInput and detects that the driver is present and gives you the ability to remain on Session 0 indefinitely (normally you would be kicked out after 30-seconds).


Warning and Disclaimer

By downloading and installing FireDaemon ZeroInput you fully acknowledge that this software modifies your Windows operating system in order to restore functionality that Microsoft has intentionally removed. As such, you now assume all risks and FireDaemon Technologies Limited will not be liable for any losses or damages as a result. If you have any doubt whatsoever in regard to the usefulness or fitness for purpose of this driver then please, do not use it. Additionally, FireDaemon Technologies Limited provides no warranty that ZeroInput will continue to work correctly with any future update to Microsoft Windows 10, Windows 11, Server 2016, Server 2019, or Server 2022 or any future Microsoft operating system.


What Does ZeroInput Cost?

It's free. Please read the Warning and Disclaimer above.


Operating System Compatibility

ZeroInput works on Windows 10, Windows 11, Server 2016, Server 2019, and Server 2022 only. It's not required to be deployed on any other version of Windows. Please see the deployment matrix which summarises when and where you should deploy FireDaemon Zero and ZeroInput.


Limitations

Limitation #1: VBS HVCI Breaks ZeroInput

ZeroInput will not work if you enable VBS (Virtualization Based Security) HVCI (Hypervisor Enforced Code Integrity) on your machine. There's no workaround. 


Limitation #2: Access to Session 0 via RDP Doesn't Work Reliably

There's are numerous limitations regarding remote access to Session 0 via RDP. Please ensure you carefully review the FireDaemon Zero release notes prior to deploying ZeroInput.


Limitation #3: VMware Virtual Machine SVGA Driver Bug

If you are using Windows in a VMware virtual machine, then there is a bug in the VMware SVGA Helper Service that will cause your Windows desktop to fail when you switch to / from Session 0. Please see this article to resolve the issue.


Installation

Step 1 - Install Windows and / or Patch and Backup

  1. Install Windows 10, 11, Server 2016, 2019, Server 2022
  2. Apply ALL Windows updates - everything
  3. Install your latest hypervisor support tools
  4. Ensure your operating system is fully backed up so that you can completely restore it.

Step 2 - Connect to the Administrative Console of your computer

FireDaemon ZeroInput is a kernel-mode driver. Windows requires you to install kernel-mode drivers on an "administrative console". Hence, you need to login to an "administrative console" prior to installation. The administrative console is defined as:

  • The physical desktop computer, laptop, tablet, etc. to which a physical mouse and keyboard is connected
  • The console session available via a computer management gateway such as Dell iDRAC, HP ILO, or equivalent
  • The virtual machine console session (i.e. the screen displayed when accessing the machine via VMware vSphere Client or equivalent)
  • The Administrative RDP session. To connect to this session type at an elevated command prompt:
    mstsc /v:<hostname> /admin

Step 3 - Download ZeroInput

Download the FireDaemon ZeroInput "All In One" ZIP file. The ZIP file contains:

  • ZeroInput 0.0.0.4 for Windows 10 1809 or earlier, Server 2016 and 2019
  • ZeroInput 0.0.0.5 for Windows 10 1903 or later, Windows 11 and Server 2022

Step 4 - Install FireDaemon ZeroInput

Please do the following:

  1. Ensure you are logged in as a local or domain administrator
  2. Unpack the downloaded ZIP file to a location of your choice
  3. Locate the architecture-specific ZIP files (i.e. x86 or x64) for your operating system and unpack the one you need
  4. Locate the file FDUI0Input.inf, right-click on it and select Install
  5. Confirm the various UAC confirmation prompts
  6. The driver will be installed and the corresponding FDUI0Input service created automatically
  7. You can install the driver via an elevated command prompt on Server 2016 and Server 2019 as follows:
    rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 132 <PathToDriver>\FDUI0Input.inf
  8. You can install the "Reissued" driver via an elevated command prompt on Windows 10 1903 or later as follows (see the Note above in Step 3):
    pnputil /add-driver FDUI0Input.inf /install

Step 5 - Install FireDaemon Zero

If you have Windows 10 1803 or later, Windows 11, Server 2019, or Server 2022 installed, the Interactive Services Detection Service (UI0Detect) binaries have been removed from the operating system. Hence, you must install FireDaemon Zero to allow you to switch desktop to Session 0. This step is optional on Server 2016 - however, managing Session 0 without FireDaemon Zero is painful. FireDaemon Zero enables interactive services system-wide, updates the UI0Detect service to work with the Zero task tray applet plus gives you an easy way to switch back and forth between your logged-in user session and Session 0.


Step 6 - Install / Re-install Virtualisation Tools

If your operating system is virtualised please ensure you install or completely uninstall and re-install the corresponding helper tools (e.g. VMware Tools, Virtualbox Guest Additions, etc.).


Step 7 - Reboot and Confirm Installation is Successful

Now reboot your computer. FireDaemon Zero is ZeroInput aware. You can query the running state of the ZeroInput driver by typing the following at an elevated command prompt after your computer has rebooted:

cd c:\Program Files\FireDaemon Zero
FDUI0Control query --fdui0input-state


You should see the following output:

Input Driver Details
--------------------
Driver state: running
Status: Desktop switched

You should now be able to switch desktop to Session 0 and see your interactive FireDaemon Pro services running per the screenshot below.


FireDaemon Zero and ZeroInput running on Session 0

Uninstalling FireDaemon ZeroInput

Complete the following steps:

  1. Login as a local or domain administrator
  2. Open an elevated command prompt.
  3. At the command prompt type:
    sc delete FDUI0Input

Then reboot your machine. This will ensure ZeroInput has been unloaded from memory.


Upgrading From An Earlier Version

If you upgrade to Windows 10 Version 2004 or later and have ZeroInput 0.0.0.3 installed, you will need to upgrade. ZeroInput 0.0.0.3 does not work with Windows 10 Version 2004 or later. Do the following to upgrade:

  • Remove ZeroInput per the step above
  • Install ZeroInput per the instruction above from Step 1 through Step 7.


Manual UI0Detect Service Installation

Should you ever want to install the Interactive Services Detection Service (UI0Detect) manually follow these instructions. First, check to see if the UI0Detect service is present via the following command at an elevated command prompt. If the service does not exist you will get an "OpenService FAILED 1060" error.

sc query UI0Detect

To set up the Interactive Services Detection Service manually, do the following:

  1. Login in as a local or domain administrator
  2. Open an elevated command prompt.
  3. At the elevated command prompt type the following three commands to re-create the UI0Detect service.
    sc create UI0Detect start= auto type= own type= interact error= severe binpath= "C:\Windows\System32\winver.exe"
    sc sidtype UI0Detect unrestricted
    sc privs UI0Detect SeTcbPrivilege/SeAssignPrimaryTokenPrivilege/SeIncreaseQuotaPrivilege/SeDebugPrivilege

Note: In the sc create command - we have used winver.exe in the binpath. This is a "stub". sc.exe won't create the service if you supply an invalid binpath. When you install FireDaemon Zero the binpath is updated. Alternately, and if you are feeling really brave, copy over the UI0Detect.exe binary from an earlier version of Windows 10 or Server 2016 to C:\Windows\System32. Then adjust the binpath to read "C:\Windows\System32\UI0Detect.exe". If you do this you will be able to start the UI0Detect service and you should be able to switch desktop to Session 0 via the legacy Interactive Services popup.


Bugs? Issues? Feature Requests?

Tell us what you think! All feedback is gratefully received!