I was wrong. This post presents the proof that more than one interactive session is indeed possible within Windows 7.
Considering this, I remembered the many times I needed to login interactively into a client machine while the user was logged in. How many reasons where there? How many helpdesk calls, tests, validations, etc. without having to lock or logoff the user? How many times have I prayed for some way to bypass this limitation? Hundred of times. Particularly for the server editions when the 2 remote sessions limit (plus 1 for the console) was hit. What was more annoying? Killing remote sessions or be killed by someone else that also needed to enter?
But the most important point I'd like to raise with this post, is that my hack targets Winlogon, opposing the traditional and obvious target that aims to Remote Desktop service (termsrv.dll). Winlogon has become the master in this domain. Isn't this an error? Should Winlogon have such power? This seems contrary to Microsoft modular policy.
You can login now and as you’ll see, you’ll be in a newly fresh interactive session.
No error messages, no one being killed or locked.
I'm not going to delve more in the subject, nor will I be sharing the tool I built like in the other posts because I don't want to get in trouble with Microsoft, but for those willing to send me an email requesting the tool, I'll share it with you.
PS: being a PoC the tool only works on Windows 7 (yeh!) SP1 32 bits.