Interactive Services Detection Service

Yesterday another admin notified me that his Vista machine prompted him before showing a message from a program I had distributed via SCCM.  The name of the prompt was "Interactive Services Dialog Detection", and it was requesting to show him a message.

Selecting "Show me the message" hides the desktop and allows the user to see the message.  After viewing the message, the user had to click on "Return Now" to get back to the desktop.

This event was a surprise to me.  I've been running Vista since it came out and the program we advertised has been advertised for the last 3 years, and we run it every month.  After researching this service, I discovered that it is a new security feature in Vista.  Designed to protect users by intercepting messages run under another security context.  In this case, the program is advertised to run whether or not a user is logged on, but allow users to interact with the program.  When these options are chosen in SCCM, the program runs under the machine account as a service.  Since this program pops up a message, we chose the option to allow users to interact so they can see the message and click okay on it.  Vista may see this as a security risk if the Interactive Services Detection service is running.  We checked 4 different Vista machines, and it appears the default behavior is the service is Stopped and set to Manual.   UAC did not appear to have any affect on this service.  Apparently this admin had done something else to set this service to Running.  There are several available ways to resolve this issue:

• Choose the option to run the program only when a user is logged on, and run it as the user.
• Don't make the program interactive (user will not see the program).
• Stop the Interactive Services Detection service.

Ignore it.  Vista is doing it's job of being safer.  Users may have to click an extra prompt.

I don't really recommend stopping or disabling the service since that is a built in security feature of Vista.  But it will prevent the prompt from appearing if desired.

Organize Collections with Drag and Drop

One of the plans we've had since I took over the administration of Configuration Manager is to organize the objects in the admin console.  SCCM makes it easier than SMS since it supports drag and drop.  The catch is that it only supports it with certain types of objects.  Collections is one of the object types that doesn't support drag and drop.  The only way I found to reorganize collection objects was to make a link of a collection to a second collection.  Making this link actually makes a 2nd instance of the collection appear in the hierarchy.  Then you can go back and safely delete the original collection.  The other option is to use a Microsoft provided SMS tool called CollTree.  Yes, the program does work with SCCM.  After downloading the SMS 2003 SDK you can compile the executable from \Program Files\Microsoft Systems Management Server 2003 SDK V3\Samples\VB\CollTree\CollTree.vbp  It's not as great as if Microsoft had built this functionality into the Admin Console, but at least it works!  Download a compiled version of CollTree here: http://myitforum.com/cs2/blogs/bleary/attachment/68439.ashx

Credits to Brian Leary for pointing out this useful tool: http://myitforum.com/cs2/blogs/bleary/archive/2006/12/01/colltree-drag-and-drop-collections-for-sms-2003.aspx