FireDaemon ZeroInput 0.0.0.7

TABLE OF CONTENTS

• WARNING AND DISCLAIMER
• What Is ZeroInput?
• What Does ZeroInput Cost?
• Why Do I Need ZeroInput?
• Operating System Compatibility
• Limitations
  • Limitation #1: VBS HVCI Breaks ZeroInput
  • Limitation #2: Access to Session 0 via RDP Doesn't Work Reliably
  • Limitation #3: VMware Virtual Machine SVGA Driver Bug
  • Limitation #4: Disable Secure Boot Before Installing ZeroInput
  • Limitation #5: Disable Hyper-V Hypervisor Before Installing ZeroInput
  • Limitation #6: ZeroInput does not work on ARM CPUs
• Installation Instructions
  • Step 1 - Install Windows. Patch Windows. Backup Windows
  • Step 2 - Connect and Logon to the Administrative Console of your computer
  • Step 3 - Download ZeroInput
  • Step 4 - Install the FireDaemon ZeroInput driver
  • Step 5 - Install FireDaemon Zero to Switch Desktop to Session 0
  • Step 6 - Install / Re-install Virtualisation Tools
  • Step 7 - Reboot and Confirm Installation is Successful
• Accessing Session 0
• Accessing Session 0 via RDP
• Uninstalling FireDaemon ZeroInput
• Upgrading Windows (a.k.a. In Place Upgrade)
• Manual UI0Detect Service Installation
• Bugs? Issues? Feature Requests?

• WARNING AND DISCLAIMER
• What Is ZeroInput?
• What Does ZeroInput Cost?
• Why do I Need ZeroInput?
• Operating System Compatibility
• Limitations
  • Limitation #1: VBS HVCI Breaks ZeroInput
  • Limitation #2: Access to Session 0 via RDP Doesn't Work Reliably
  • Limitation #3: VMware Virtual Machine SVGA Driver Bug
  • Limitation #4: Disable Secure Boot Before Installing ZeroInput
  • Limitation #5: Disable Hyper-V Hypervisor Before Installing ZeroInput
  • Limitation #6: ZeroInput does not work on ARM CPUs
• Installation Instructions
  • Step 1 - Install Windows. Patch Windows. Backup Windows
  • Step 2 - Connect and Logon to the Administrative Console of your computer
  • Step 3 - Download ZeroInput
  • Step 4 - Install the FireDaemon ZeroInput driver
  • Step 5 - Install FireDaemon Zero to Switch Desktop to Session 0
  • Step 6 - Install / Re-install Virtualisation Tools
  • Step 7 - Reboot and Confirm Installation is Successful
• Accessing Session 0
• Accessing Session 0 via RDP
• Uninstalling FireDaemon ZeroInput
• Upgrading Windows (a.k.a. In Place Upgrade)
• Manual UI0Detect Service Installation
• Bugs? Issues? Feature Requests?

What Is ZeroInput?

FireDaemon ZeroInput is a digitally signed kernel-mode driver that restores keyboard and mouse functionality and removes the "blacked-out desktop" on Session 0 on Windows 10, Windows 11, Server 2016, Server 2019, and Server 2022. FireDaemon ZeroInput works with FireDaemon Pro and FireDaemon Zero.

What Does ZeroInput Cost?

It's free. Use at your own risk. Please read the Warning and Disclaimer above.

Why Do I Need ZeroInput?

Interactive Microsoft Windows services are generally always launched on Microsoft Windows Session 0. Windows provided access to Session 0 via the Interactive Services Detection Service (UI0Detect). With the release of Windows 10 and Server 2016, Microsoft decided to block keyboard and mouse input on Session 0. So if you had an interactive Windows service running on Session 0, your keyboard and mouse will not work and you will not be able to interact with your application. With the release of Windows 10 1803 and Server 2019, Microsoft decided to remove the Interactive Services Detection Service entirely from the operating system. Hence, FireDaemon Zero and FireDaemon ZeroInput provide the only mechanism to switch to Session 0 and access interactive services running under FireDaemon Pro control on modern Windows operating systems.

Operating System Compatibility

ZeroInput works on Windows 10, Windows 11, Server 2016, Server 2019, and Server 2022 only. It's not required to be deployed on any other version of Windows. Please see the Deployment Matrix which summarises when and where you should deploy FireDaemon Zero and ZeroInput.

Limitations

Limitation #1: VBS HVCI Breaks ZeroInput

ZeroInput will not work if you enable VBS (Virtualization Based Security) HVCI (Hypervisor Enforced Code Integrity) on your machine. This article describes how to disable VBS / HVCI.

Limitation #2: Access to Session 0 via RDP Doesn't Work Reliably

There are numerous limitations regarding remote access to Session 0 via RDP. Please ensure you carefully review the FireDaemon Zero release notes prior to deploying ZeroInput. Also, review the Deployment Matrix.

Limitation #3: VMware Virtual Machine SVGA Driver Bug

If you are using Windows in a VMware virtual machine, then there is a bug in the VMware SVGA Helper Service that will cause your Windows desktop to fail when you switch to / from Session 0. Please see this article to resolve the problem.

Limitation #4: Disable Secure Boot Before Installing ZeroInput

If you have Secure Boot enabled, you will need to disable it prior to installing ZeroInput otherwise the driver will not load. To resolve, disable Secure Boot, reboot, install ZeroInput, enable Secure Boot and reboot one more time.

Limitation #5: Disable Hyper-V Hypervisor Before Installing ZeroInput

If you have the Hyper-V Hypervisor enabled (Control Panel -> Turn Windows features on or off -> Hyper-V Platform -> Hyper-V Hypervisor) you will need to turn it off. ZeroInput will not work if the host operating system is itself virtualised via Hyper-V. ZeroInput does work in guest virtual machines (i.e. those that have been virtualised with VMware ESXi, VMware Workstation, Oracle VirtualBox, Hyper-V Server, Azure, AWS, etc.).

Limitation #6: ZeroInput does not work on ARM CPUs

ZeroInput is designed to work with Windows Operating Systems deployed on Intel or AMD CPUs only.

Installation Instructions

There are seven (7) steps required to install FireDaemon ZeroInput. These are listed below. You must complete all seven (7) steps to successfully install FireDaemon ZeroInput.

Step 1 - Install Windows. Patch Windows. Backup Windows

Complete the following:

1. If you have not done so, install Windows 10, Windows 11, Server 2016, Server 2019, or Server 2022
2. Apply ALL Windows updates - everything - exclude nothing
3. Install your latest hypervisor support tools (e.g. VMware Tools)
4. Ensure your operating system is fully backed up so that you can completely restore it (e.g. bare metal backup or virtual machine snapshot).

Step 2 - Connect and Logon to the Administrative Console of your computer

FireDaemon ZeroInput is a kernel-mode driver. Windows requires you to install kernel-mode drivers on an "administrative console". Hence, you must login to an "administrative console" prior to installation using a local administrator or domain administrator account.

The administrative console is defined as:

• The physical desktop computer, desktop, laptop, etc. to which a physical mouse and keyboard are connected
• The console session is available via a computer management gateway such as Dell iDRAC, HP ILO, or equivalent
• The virtual machine console session (i.e. the screen displayed when accessing the machine via VMware vSphere Client or equivalent)
• The Administrative RDP session. To connect to this session type at an elevated command prompt:

  mstsc /v:<hostname> /admin

Step 3 - Download ZeroInput

Step 4 - Install the FireDaemon ZeroInput driver

Please complete the following initial steps:

1. Read the WARNING AND DISCLAIMER at the top of this document. You did read it? Right?
2. Re-read the WARNING AND DISCLAIMER at the top of this document. You really really read it? Right? Right?????
3. Review the Deployment Matrix to work out which version of FireDaemon ZeroInput you need to deploy based on your operating system version.

Then do the following:

1. Ensure you are logged in as a local or domain administrator on an "Administrative Console" (see above)
2. Unpack the ZeroInput ZIP file to a location of your choice. The contents of the ZIP file is as follows:
   
3. Each folder contains one or two ZIP files based on the ZeroInput version and computer architecture. For example:
   
4. Now extract the contents of the ZIP file specific to your computer operating system version and architecture. Review the Deployment Matrix to determine exactly which version you need. The list below summarises which ZIP file to use. Use Start -> Run -> winver.exe to determine your exact operating system version and build.
   
   - For Windows 10 1809 x86 (32-bit) or earlier use FireDaemon-ZeroInput-x86-0.0.0.4.zip
   - For Windows 10 1809 x64 (64-bit) or earlier use FireDaemon-ZeroInput-x64-0.0.0.4.zip
   
   - For Windows Server 2016 x64 (64-bit) use FireDaemon-ZeroInput-x64-0.0.0.4.zip
   - For Windows Server 2019 x64 (64-bit) use FireDaemon-ZeroInput-x64-0.0.0.4.zip
   
   - For Windows 10 1903 x86 (32-bit) or later use FireDaemon-ZeroInput-x86-0.0.0.5.zip
   - For Windows 10 1903 x64 (64-bit) or later use FireDaemon-ZeroInput-x64-0.0.0.5.zip
   
   - For Windows 11 x64 (64-bit) use FireDaemon-ZeroInput-x64-0.0.0.7.zip
   - For Windows Server 2022 x64 (64-bit) use FireDaemon-ZeroInput-x64-0.0.0.7.zip
   
   
5. The contents of all architecture/version ZIP files files are all the same. Once you have extracted the contents of the ZIP file navigate to "drivers" -> "FDUI0Input" per the screenshot below (N.B. if you cannot see the file name extensions in Windows Explorer ensure you enable then via View -> Show -> File Name Extensions):
   
6. Right-click on the FDUI0Input.inf (the one with the single cog) and select Install
7. The driver will be automatically installed (and the corresponding FDUI0Input Windows service created). You may or may not see an installation confirmation dialog
8. It's also possible to install FireDaemon ZeroInput via the command line. This is good for scripted installs.
   
   You can install the 0.0.0.4 driver via an elevated command prompt as follows (n.b. you must specify the <FullPathToDriver>):
   

   rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 132 <FullPathToDriver>\FDUI0Input.inf

   You can install the 0.0.0.5 and 0.0.0.7 drivers via an elevated command prompt as follows:

   pnputil /add-driver FDUI0Input.inf /install

Step 5 - Install FireDaemon Zero to Switch Desktop to Session 0

If you have Windows 10 1803 or later, Windows 11, Server 2019, or Server 2022 installed, the Interactive Services Detection Service (UI0Detect) binaries have been removed from the operating system. Hence, you must install FireDaemon Zero to allow you to switch your desktop to Session 0. This step is optional on Server 2016 - however, managing Session 0 via the built-in Interactive Services Detection Service popup is painful. FireDaemon Zero enables interactive services system-wide, updates the UI0Detect service to work with the Zero task tray applet plus gives you an easy way to switch back and forth between your logged-in user session and Session 0.

Step 6 - Install / Re-install Virtualisation Tools

If your operating system is virtualised, please install or completely uninstall and re-install the corresponding helper tools (e.g., VMware Tools, Virtualbox Guest Additions, etc.).

Step 7 - Reboot and Confirm Installation is Successful

Now reboot your computer. FireDaemon Zero is ZeroInput aware. You can query the running state of the ZeroInput driver by typing the following at an elevated command prompt after your computer has rebooted:

For FireDaemon Zero 2:

cd /d "C:\Program Files\FireDaemon Zero"
FDUI0Control query --fdui0input-state

For FireDaemon Zero 3:

cd /d "C:\Program Files\FireDaemon Zero"
FDUI0CLI query --fdui0input-state

You should see the following output similar to the following:

Input Driver Details
--------------------
Driver state: running
Status: Desktop switched

Accessing Session 0

Once FireDaemon Zero and ZeroInput have been installed you can access Session 0 by logging into your computer and then switching to Session 0 using one of the three methods:

1. By responding to the Interactive Services Detection Services Switch Desktop Popup notification which is available on Windows 7 through Windows Server 2016 only:
   
   
   
2. By double-clicking on the FireDaemon Zero Tray icon:
   
   
3. By clicking on the FireDaemon Pro Switch Desktop icon:
   
   

Accessing Session 0 via RDP

Access to Session 0 via RDP is inconsistent and will depend on the Windows version you are using. Please review the Deployment Matrix to get an idea of whether access is permitted. In summary:

• Access to Session 0 via RDP is unrestricted on Windows 7 through Server 2016
• Access to Session 0 via RDP is possible on Server 2019 but you will be kicked back to the Windows login screen when you return from Session 0
• Access to Session 0 via RDP on recent versions of Windows 10, 11, and Server 2022 is no longer possible. You will have to use an alternate console-sharing product such as VMware VMRC, Dell iDRAC, TeamViewer, or TSplus. These solutions may or may not work reliably. Test thoroughly.

Uninstalling FireDaemon ZeroInput

Complete the following steps:

1. Login as a local or domain administrator
2. Open an elevated command prompt.
3. At the command prompt type:

   sc delete FDUI0Input

Then reboot your machine. This will ensure ZeroInput has been unloaded from memory. Note this does not delete the driver from the disk drive.

Upgrading Windows (a.k.a. In Place Upgrade)

Upgrading Windows from one version to the next is hazardous. We recommend you do not do this as the machine can be left in an unknown state and may be unreliable. We recommend that you install Windows from scratch, apply all Windows updates, and then deploy the latest version of FireDaemon software products. If you absolutely have to upgrade Windows (e.g. from Windows 10 to Windows 11) and have ZeroInput 0.0.0.5 or earlier installed, you will need to:

• Remove ZeroInput per the step above
• Upgrade your operating system
• Install the version of ZeroInput qualified for your new operating system version (e.g. ZeroInput 0.0.0.7 for Windows 11) per the instructions above from Step 1 through Step 7.

Manual UI0Detect Service Installation

Should you ever want to install the Interactive Services Detection Service (UI0Detect) manually follow these instructions. First, check to see if the UI0Detect service is present via the following command at an elevated command prompt. If the service does not exist you will get an "OpenService FAILED 1060" error.

sc query UI0Detect

To set up the Interactive Services Detection Service manually, do the following:

1. Login in as a local or domain administrator
2. Open an elevated command prompt.
3. At the elevated command prompt type the following three commands to re-create the UI0Detect service.

   sc create UI0Detect start= auto type= own type= interact error= severe binpath= "C:\Windows\System32\winver.exe"
   sc sidtype UI0Detect unrestricted
   sc privs UI0Detect SeTcbPrivilege/SeAssignPrimaryTokenPrivilege/SeIncreaseQuotaPrivilege/SeDebugPrivilege

Note: In the sc create command - we have used winver.exe in the binpath. This is a "stub". sc.exe won't create the service if you supply an invalid binpath. When you install FireDaemon Zero the binpath is updated. Alternately, and if you are feeling really brave, copy over the UI0Detect.exe binary from an earlier version of Windows 10 or Server 2016 to C:\Windows\System32. Then adjust the binpath to read "C:\Windows\System32\UI0Detect.exe". If you do this you will be able to start the UI0Detect service and you should be able to switch desktop to Session 0 via the legacy Interactive Services popup.

Bugs? Issues? Feature Requests?

Tell us what you think! All feedback is gratefully received!