Why isn't Fast User Switching enabled on domains?
Windows XP added a new feature called Fast User Switching which lets you switch between users without having to log off. But this feature is disabled if your computer is joined to a domain. Why?
There were several reasons, none of them individually insurmountable, but they added up to quite a lot of work for something IT administrators weren’t even sure they wanted. (See a previous entry on retraining costs.)
- How do you show all the users on the domain in the Welcome screen? You certainly don’t want a list with 10,000 names in it. (Scroll scroll scroll.)
- How do you check whether a user has a password? In Windows XP, the Welcome screen merely tries to log you on with a blank password. If it works, then poof! you’re in. If it doesn’t work, then it displays the password prompt. This works, but it also generates a failed password event into your security event log. Many IT administrators have a passwork lockout policy, where if you get your password wrong more than N times, your account is locked. Blank password probing would result in locked-out accounts all over the company.
Those of you who have gotten Longhorn can see that Fast User Switching is now enabled on domains. New infrastructure needed to be developed to enable the feature on domains without ruining the domain administrators’ lives.