List of Features Removed in Windows Vista - User Accounts and Winlogon

User Accounts and Winlogon

• Winlogon no longer shows details of password complexity policy requirements due to the removal of GINA.
• The Biologon API to programmatically create a new interactive user session using the InitiateInteractiveLogon function has been removed.
• Unlike Windows XP, an administrator can no longer unlock the computer when another standard user has locked it.
• Protected Storage (PStore) has been deprecated and therefore made read-only in Windows Vista. Microsoft recommends using DPAPI to add new PStore data items or manage existing ones. However existing applications such as Outlook 2002 which used PStore are unable to save passwords as a result. Any application that tries to create new PStore data items will fail.
• Although classic logon and Ctrl+Alt+Del enforcement can be enabled through Group Policy, the classic logon prompt cannot be made to appear by pressing Ctrl+Alt+Del at the Welcome screen twice. This makes it impossible to logon to a hidden user account while the Welcome screen is enabled (when Classic Logon is not enforced through Group Policy).
• Because of the classic logon being removed, domain names are no longer populated on the logon screen and cannot be selected from a drop down list.
• The ability to run a Control Panel applet as a different user by using Shift+Right click has been removed.
• It is not possible to override Autologon and Startup items by pressing the SHIFT key before logon. The IgnoreShiftOverride registry value is ignored.
• 16-bit applications launched with administrator-level privileges always run in their own memory space, even if launched via "Start /Shared" on the command line or if the CREATE_SEPARATE_WOW_VDM flag is specified with the CreateProcess API; 16-bit inter-process communication therefore only works for non-elevated processes, as these can still be configured to run in the same memory space.
• The RunAs feature in the shell has been replaced with "Run as administrator" of User Account Control. The RunAs feature does not allow a local administrator-equivalent command shell to be started except for the Administrator account.
• Internet Explorer can no longer be launched from a command prompt started with alternate credentials using RunAs. This is also true for Internet Explorer 7 running under Windows XP (it can, but you must type the complete path to the executable, not just IEXPLORE or IEXPLORE.EXE).
• When User Account Control is enabled, any process started with Administrator-level privileges does not inherit the drive mappings of the interactively logged on user, despite the same account being used. This can lead to scenarios where non-UAC processes such as Windows Explorer have access to an application on a network drive, but insufficient permissions to execute it; conversely, the UAC-elevated process has sufficient local permissions, but cannot see the network application.
• The GINA library and support for GINA-based authentication has been replaced with Credential Providers so that authentication plug-ins are moved out of the Winlogon process space to the fullest extent possible in order to provide more reliability and consistency. Consequently, third-party GINA modules must be ported to the Credential Provider model. Credential providers however do not allow customization which GINA allowed. For example it does not support programmatically using Fast User Switching.
• Winlogon Notification Packages are no longer supported in Windows Vista.
• The logon screen does not show the number of running programs or unread email messages when using Fast User Switching.
• The All Users wallpaper can no longer be changed. All Windows Vista machines now show the same wallpaper at the logon screen.
• Due to security concerns, the All Users screen saver can no longer be changed. (Replacing the screen saver was a common method of unauthorized privilege escalation in earlier versions of Windows.)
• Due to security concerns, system services can no longer natively interact with the user's desktop in Windows Vista. This is a change from all previous NT releases.
• Cached roaming profiles cannot be deleted directly from the file system as this renders the account unable to logon to the workstation again, even if the account is also removed from "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList". The only supported method of manually deleting a roaming profile is via the System applet of the Control Panel or via the commandline DelProf utility, which uses the DeleteProfile API.
• The "Network Configuration Operators" built-in group no longer delegates permissions to manage system network connections; only system-wide administrator-level permissions can now be used to achieve this. Operations like the "Repair" action of a network connection can therefore be carried out by an administrator only.
• The ability to change the stored password of a domain in Stored User Names and Passwords while the computer is connected to a workgroup has been removed.
• The Stored User Names and Passwords credential manager does not accept the \* syntax which allowed users to wildcard all passwords in a domain.