TONT 41743 为什么快速用户切换在域上不能使用



Windows XP added a new feature called Fast User Switching which lets you switch between users without having to log off. But this feature is disabled if your computer is joined to a domain. Why?

Windows XP新增了一项叫『快速用户切换』的功能,可以让使用者在不同用户间切换而不必先注销,但如果当前计算机加入了域的话,这个功能就不可用,为什么呢?

There were several reasons, none of them individually insurmountable, but they added up to quite a lot of work for something IT administrators weren’t even sure they wanted. (See a previous entry on retraining costs.)


  • How do you show all the users on the domain in the Welcome screen? You certainly don’t want a list with 10,000 names in it. (Scroll scroll scroll.)
  • How do you check whether a user has a password? In Windows XP, the Welcome screen merely tries to log you on with a blank password. If it works, then poof! you’re in. If it doesn’t work, then it displays the password prompt. This works, but it also generates a failed password event into your security event log. Many IT administrators have a passwork lockout policy, where if you get your password wrong more than N times, your account is locked. Blank password probing would result in locked-out accounts all over the company.
    如何判断用户是否设置了密码?Windows XP的欢迎屏幕会首先尝试用空密码进行登录。如果用户正好也没有设置密码,那么duang地一下,恭喜,你登录成功了。如果用户设置过密码,那么欢迎屏幕就显示『输入密码』的提示。这种设计的确有用(译注:加快了空密码用户的登录速度),但也会(在用户设置了密码的情况下)在安全日志中留下一次登录失败的记录。许多IT管理员(在域设置中)设置了密码自动锁定策略,意思是如果你登录失败了N次,那么账户就会被自动锁定。而欢迎屏幕的这种设计会在整个公司里造成成片的锁定账户。

Those of you who have gotten Longhorn can see that Fast User Switching is now enabled on domains. New infrastructure needed to be developed to enable the feature on domains without ruining the domain administrators’ lives.



电子邮件地址不会被公开。 必填项已用*标注

 剩余字数 ( Characters available )


Notice: please DO NOT add any links in your comment, otherwise it would be identified as SPAM automatically.