FireDaemon Zero and Zero OEM 3.2.4

FireDaemon Zero 3 is a major update to our Session 0 management product. FireDaemon Zero allows you to easily switch to and from Session 0 on specific versions of Microsoft Windows.


Interactive FireDaemon Pro 5 Services and Zero 3 Tray Running on Session 0


TABLE OF CONTENTS

Minimum System Requirements

Please see the FireDaemon Zero Compatibility and Support Matrix. Please also review the Changelog.


Important: Review the Deployment Matrix

Before deploying FireDaemon Zero on any system, please refer to the FireDaemon Zero and ZeroInput Deployment Matrix for important information about compatibility and minimum system requirements. You will have to deploy FireDaemon ZeroInput on newer versions of Windows. Additionally, Windows 10 and Windows 11 may be VBS / HVCI enabled which will cause FireDaemon ZeroInput to not work properly. This article describes how to disable VBS / HVCI.


FireDaemon Zero 3 End User Download

FireDaemon Zero 2 license keys do not work with FireDaemon Zero 3. You will need to obtain a new license key to use FireDaemon Zero 3. Please read the "Get New License Keys" section below.


FireDaemon Zero 3.2.4 64-bit / x64 (Intel / AMD only)

March 2024 - 30-day trial

Download FireDaemon Zero 3 64-bit

64-bit EXE Installer SHA2-256 Checksum

746CADD3848CB1DD9B48AA707480E379659851BEB8E064574360AB839B680490


Need to calculate the checksum? Download FireDaemon Lozenge!


FireDaemon Zero 3 OEM Integrator Download

FireDaemon Zero OEM customers can download product updates via the download link embedded in your Cleverbridge order confirmation or subscription renewal email. If you can't find that email or are unsure of your Cleverbridge reference number please contact us. FireDaemon Zero 3 OEM is available to existing customers who have a current Software Assurance and Technical Support subscription.


FireDaemon Zero 3 New Features


FeatureDescription
64-bit onlyMicrosoft ceased delivering 32-bit native operating systems in 2020. Hence, FireDaemon Zero 3 is now only offered as a 64-bit product.
Hardware-based code signingAll FireDaemon software products have been digitally signed for several years.  Earlier installers and binaries were signing with SHA1 and SHA256 2048-bit digests. Zero 3 implements hardware-based SHA256 4096-bit Extended Validation (EV) code signing. SHA1 has been dropped. This adheres to industry best practices and provides two levels of trust:
  1. The issuance of a hardware-based EV Code Signing Certificate is contingent on FireDaemon Technologies Limited being audited by the certificate issuer (i.e. SECTIGO); and
  2. Security Teams can validate our installers and binaries to ensure they have not been tampered with by confirming the presence of our EV Code Signing Certificate.
Zero Input CompatibilityFireDaemon Zero 3 works with FireDaemon ZeroInput to give extended error reporting via the FDUI0CLI query --fdui0input-state command line option. FireDaemon Zero 3 will also warn you if you have not installed FireDaemon ZeroInput or the driver is not running correctly.
Command Line Binary Name ChangesFDUI0Control.com and FDUI0Control.exe have been renamed FDUI0CLI.com and FDUI0CLI.exe for consistency with other FireDaemon products.
Task Tray Service NamesThe name of the FireDaemon Pro service name is listed in the FireDaemon Zero Task Tray that runs on Session 0
Enable Legacy ConsoleLegacy Console Mode can be enabled for the Localsystem user via Options -> Quirks. This makes interactive console-based applications running under FireDaemon Pro control visible on Session 0 when using 3rd-party remote control products such as TeamViewer
Context Menu ChangesThe "Documentation" option has been removed from the Session 0 context menu as this requires a browser that works sanely on Session 0. A "Screen Refresh" option has been added to the Session 0 context menu to allow you to force the refresh / redraw of GUI components on Session 0.
Universal CRTWe always shipped the most recent Microsoft Visual C++ Runtime inside the installer which was installed as a pre-requisite. This dependency has been removed and FireDaemon Zero 3 now uses the Universal C++ Runtime which is pre-installed with the operating system and maintained via Windows Update. This results in the installer being significantly smaller.
New InstallerFireDaemon Zero 2 and earlier installers were built using InstallShield. InstallShield does not support the detection and deployment of the Microsoft Visual Studio Runtime (MSVCRT) particularly well, forcing reboots in the event of earlier versions of the MSVCRT being present on your computer system. We have replaced the InstallShield MSI installer with an Advanced Installer MSI installer package that correctly handles MSVCRT deployments and upgrades. The installer also checks to confirm the product certificate chain is available and forces the upgrade to be installed into the same installation directory.
SBoMThe need to supply a Software Bill of Materials (SBoM) is now often mandatory for various industries as part of a supply chain software audit. FireDaemon Zero 3 includes an SBoM. It can be found in the About dialog.
Software Assurance and Priority Technical Support SubscriptionFireDaemon Zero 2 offered two subscriptions to customers. A Software Assurance subscription and a Priority Technical Support subscription. This often caused confusion regarding software upgrades and support entitlements. To resolve this we now have a single unified Software Assurance and Priority Technical Support subscription. It costs roughly the same as both previous subscriptions. We feel this will be easier to manage and simpler to understand from an upgrade entitlement, software procurement, and support perspective moving forward.


Buy FireDaemon Zero 3

You can purchase FireDaemon Zero 3 via the webstore. For detailed pricing information and discounts please see the pricing page.


FireDaemon Zero 3 Documentation

We are currently in the process of updating the FireDaemon Zero 3 documentation. The FireDaemon Zero 3 OEM configuration and installation guide is available here.


Before Upgrading To FireDaemon Zero 3

Before you consider upgrading to FireDaemon Zero 2, please ensure you have completed the following pre-flight checks:


Step 1. Check Compatibility

Step 2. Backup

  • Ensure you backup and/or snapshot your machine.

Step 3. Get New License Keys

  • Your FireDaemon Zero 2 or earlier license key will not work with FireDaemon Zero 3.
  • If you have an active Software Assurance subscription you can upgrade to FireDaemon Zero 3 or FireDaemon Zero OEM 3 for free. Please contact us to obtain your new license keys or link to download FireDaemon Zero 3 OEM.
  • Otherwise, if you have purchased an earlier version of FireDaemon Zero, you will need to purchase a FireDaemon Zero upgrade license key.

Step 3. Check Your Upgrade Path

  • If you have FireDaemon Session 0 Viewer 1 installed, this product will be removed and replaced with FireDaemon Zero 3.
  • If you currently have Zero 2 installed, your version will be upgraded to FireDaemon Zero 3.

Step 4. Prepare for the Upgrade

  • If you have applied your FireDaemon Zero 2 license key, then your license key will no longer be valid. Please apply your FireDaemon Zero 3 license key once the upgrade is complete.

Windows In-Place Upgrades Sometimes Break Session 0

If you complete an in-place upgrade of Windows (e.g. Server 2012 R2 to Server 2022) sometimes, the upgrade breaks Session 0. Specifically, after installing FireDaemon Zero and ZeroInput, when you switch desktop to Session 0, you may see a black screen with a CMD prompt and/or PowerShell prompt on it instead of your interactive services and the FireDaemon Zero Task Tray. We don't know why this happens. Needless to say, the only resolution is to re-install Windows from scratch.


Interactive Services Detection Service has been removed from Windows 10, 11, and Server 2019, 2022

Microsoft removed the Interactive Services Detection Service entirely on Windows 10 1803 or later versions, Windows 11, Server 2019, and Server 2022. Hence, it's no longer possible to switch to Session 0 on those OS versions via the Interactive Services Detection Service (UI0Detect). If you are running Windows 10 1709 or earlier versions of Windows then Session 0 access still works as normal. If you have FireDaemon Zero installed and you upgraded to Windows 10 1803, the Interactive Service Detection Service will be preserved, however, when you switch desktop, you will switch to a blank screen. You will need to deploy our ZeroInput driver to resolve this issue. Ensure you review the FireDaemon Zero + ZeroInput Compatibility Deployment Matrix before deploying FireDaemon Zero.


Forced re-login when returning from Session 0 on Windows 10 1809 and Server 2019 1809

If you RDP into Windows 10 1809 or Server 2019 1809 or later versions and switch desktop to Session 0 then attempt to switch back to your logged-in session - you will always be returned to the Windows login screen. We have no fix or workaround for this. Note that you do not see this behaviour if you are logged directly into the Windows 10 1809 or Windows Server 2019 1809 console.


No Access to Session 0 via RDP on Windows 10 1903 or later, Windows 11, or Server 2022

Switching to Session 0 on Windows 10 1903 or later, Windows 11, or Server 2022 over RDP no longer works. It would appear Microsoft is now actively blocking the contents of the Session 0 desktop from being rendered in the RDP session and/or dropping the RDP session entirely. If you try switching to Session 0 your RDP session will hang, you will have to forcibly disconnect and then reconnect to your computer. The only workarounds that we know of are:

  • Login to the physical console session of your computer directly (e.g. via physical keyboard and mouse, via hardware-based computer gateways such as Dell iDRAC or HP ILO, or via virtual machine console offered by VMware vSphere or equivalent such as VMRC or VMware Browser Console).
  • Abandon Microsoft RDP entirely and try using an alternate remote control product instead such as TightVNC, TeamViewer, or TSplus. Your mileage may vary depending on the remote control tool you choose and the particular version of Windows you use. Ensure you test thoroughly.


RDP session freeze when switching to Session 0 on the console session on Server 2012 R2, 2016, 2019, 2022

If you connect to the physical console of your Windows Server (i.e. the desktop to which the keyboard and mouse are connected) and then switch desktop to Session 0, all existing RDP sessions may appear to freeze until you return from Session 0. From our investigations, this appears to be due to an unresolvable issue in the terminpt.sys driver that is used by the "Remote Desktop Keyboard Device" and "Remote Desktop Mouse Device". Specifically, mouse movements are intercepted on Session 0 first which leads to the illusion that the RDP session is frozen. Mouse movements on Session 0 may be replicated in the RDP session! We do not have a fix or workaround for this particular scenario. However, we also observed similar behaviour on VMware Virtual Machines where RDP sessions would appear frozen under the same circumstances. We found that fully patching Windows and upgrading VMware Tools to 12.4.0 or later resolved this issue for us. Your mileage may vary.


Interactive console applications running on Session 0 on Server 2022 may not be visible when using TeamViewer

If you TeamViewer to your computer and switch desktop to Session 0 console applications (e.g. cmd.exe, powershell.exe) running as the user LocalSystem will not be displayed on the Session 0 desktop. To resolve this you need to enable legacy console for the LocalSystem user or a user with local machine administrative privileges and then run the FireDaemon Pro service as that user.


Enable Legacy Console for LocalSystem

You can also enable legacy console for LocalSystem via the FireDaemon Zero Options dialog -> Quirks tab. Alternatively, you can enable legacy console for the LocalSystem user by creating the following registry key. Ensure you restart your machine for this change to take effect.

[HKEY_USERS\S-1-5-18\Console]
"ForceV2"=dword:00000000

Enable Legacy Console for Other Administrative Users

Note that for FireDaemon Pro services to be visible on Session 0 they must be run as a user with local administrative or domain administrative privileges. To enable legacy console for that user:

  1. Login to a computer as the specific user with administrative rights
  2. Start cmd.exe
  3. From the cmd.exe context menu choose Properties
  4. Check "Use legacy console" then click OK
  5. Then change the logon credentials of your FireDaemon Pro service to those of the user you just logged in as (i.e. a local or domain administrator). To do that:
    1. Start FireDaemon Pro GUI
    2. Edit the FireDaemon Pro Service
    3. Click on Settings tab
    4. Change the Logon Account to .\Administrator or another local or domain administrator account and set the Password
    5. Restart the FireDaemon Pro service.


Bugs? Issues? Feature Requests?

Tell us what you think! All feedback is gratefully received!


Screenshots

FireDaemon Pro 5 and Zero 3 Running on the Logged-On User Session

FireDaemon Pro 5 and Zero 3 Running on the Logged-On User Session

Interactive FireDaemon Pro 5 Services and Zero 3 Tray Running on Session 0

Interactive FireDaemon Pro 5 Services and Zero 3 Tray Running on Session 0