A. Users who interactively log on to a computer running Windows 2000 or later can perform tasks that might be security risks, such as gaining access to display and input devices that a computer process with wider-reaching privileges owns. These users then can create a process to capture passwords or sensitive data. (For more information about the problem, see Microsoft Security Bulletin MS00-200, "Patch Available for 'Desktop Separation' Vulnerability," at the Microsoft Web site.
Win2K SP1 corrected this vulnerability by adding a Secure Desktop Restriction setting, but the new locked-down functionality might adversely affect certain applications. If your application vendor advises you to disable this security setting, perform the following steps:
- Start a registry editor (e.g., regedit.exe).
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows.
- From the Edit menu, select New, DWORD Value.
- Enter a name of SecureDesktop.
- Double-click the new value, set it to 0 to disable the setting (you can set the value to 1 to re-enable the default configuration), then click OK.
- Restart the machine for the change to take effect.
