7.8. Showing messages on the user lock screen

This section will outline how the IDERI note Client is able to show messages on the Windows® 10 user lock screen and what the differences are between the Windows® 10 user lock screen and the Windows® login screen. In addition, this section will explain how notifications on the Windows® login screen about waiting messages in a locked user logon session can be displayed on both Windows® 8 and Windows® 10.

Attention

Some features outlined in this section are disabled by default on computers running Windows® server operating systems

Activating the Windows® logon screen for pending messages on it and showing notifications on the logon screen for pending messages on a locked user desktop are disabled by default on computers running Windows® server operating systems. These features have no benefit when being enabled on a Windows® Terminal Server, but rather contribute unnecessarily to system load. On server computers that are running in single-user terminal services mode or on standalone servers that are used much like a Windows® workstation, these features can be enabled by setting the “ServerOverrideWLN” registry DWORD value (see table inotecln.exe Registry Values) to a non-zero value. At installation time the MSI property “SERVER_OVERRIDE_WLN” (see table intclnt.msi MSI properties) can be used to activate these features.

7.8.1. Overview

The IDERI note client package has provided the ability to show IDERI note message windows and the IDERI note ticker above the then new immersive apps (aka “Metro Apps”) and the immersive launcher shell shortly after the introduction of Windows® 8. The behaviour of the IDERI note client components with respect to this Windows® 8 intricacy is governed by the DWORD registry value “RunOnTopOfMetro” for the client (see table inotecln.exe Registry Values) and the ticker (see table inotickr.exe Registry Values ).

Although Windows® 8 immersive apps or its successor, Windows® 10 UWP apps, have still not gained major significance compared to traditional Win32 applications, the “RunOnTopOfMetro” DWORD registry value is of even greater importance on Windows® 10 than it was on Windows® 8. Windows® 10 introduces a new feature called the “user lock screen”. The user lock screen is the screen shown immediately after the user locks the screen and may show personal user content such as notification badges for UWP apps or upcoming calendar events. In order to unlock the computer session when the user lock screen is shown on Windows® 10, users typically hit any key (or Ctrl-Alt-Del, if entering the secure attention sequence is required prior to logging on) and the windows login screen is shown to the user, where the user can enter credentials in order to unlock the computer. With default settings for the IDERI note message windows and the IDERI note ticker, the “RunOnTopOfMetro” DWORD registry value is 1, which also makes the user interface of these components visible on the Windows® 10 user lock screen. Figure 7.23 shows an example of an IDERI note message window and the IDERI note ticker running on the Windows® 10 user lock screen.

The Windows® 10 lock screen showing a message window and the ticker

Figure 7.23: The Windows® 10 lock screen showing an IDERI note message window and the IDERI note ticker

Attention

The Windows® 10 user lock screen is not the same as the Windows® 10 logon screen

The Windows® logon screen is the screen where users can enter their user name and password in order to access or create an interactive logon session, whereas the Windows® 10 user lock screen is shown after a user has logged in but subsequently locked the screen. After the user locking an interactive logon session, Windows® 10 will always show the user lock screen immediately. The Windows® 10 lock screen will then be shown as in figure 7.23 until a key is pressed (or Ctrl-Alt-Del is pressed, if policies require pressing the secure attention sequence Ctrl-Alt-Del prior to login). After pressing a key (or Ctrl-Alt-Del) the current desktop will then switch from the Windows® 10 user lock screen to the Windows® 10 logon screen, as shown in figure 7.22. After some period of inactivity (~120 seconds), the current desktop will subsequently switch back again from the Windows® 10 logon screen to the Windows® 10 user lock screen. This behaviour can be disadvantageous in situations, where IDERI note messages are shown on the Windows® 10 logon screen and no messages are visible on the user lock screen. The IDERI note client tries to detect situations where messages on the Windows® 10 logon screen are displayed to the user, but have been made invisible by Windows automatically switching to the Windows® 10 user lock screen after periods of inactivity. If this situation is detected, the IDERI note client will try to switch the current desktop to the Windows® 10 logon screen so messages on the Windows® 10 logon screen can be noticed by users.

As a corollary, if the “RunOnTopOfMetro” DWORD registry value is set to any other value than 1 for the IDERI note client or the IDERI note ticker, the component’s UI can only be noticed by the user after unlocking the computer session and will not be shown on the user lock screen. If your company policy does not allow any personal content of users to be shown on the Windows® 10 lock screen, you should consider changing the value of the “RunOnTopOfMetro” DWORD registry value for both the IDERI note client and the IDERI note ticker to 0.

Attention

The Windows® 10 user lock screen is not available for the builtin administrator account

Each installation of Windows® creates a user named “Administrator” that represents a builtin administrator account. This user runs with the highest possible privileges on the system and is usually disabled by default on Windows® workstation operating system editions. Windows® 10, Windows® Server 2016 and Windows® Server 2019 do not create a user lock screen for this user and the builtin Administrator user of the Active Directory® domain. The same is also true for other members of the local administrator group, if the User Account Control Feature, that had been introduced with Windows® Vista, is completely disabled on a computer.

7.8.3. Showing message notifications on the Windows® logon screen

If the IDERI note client is running on Windows® 8, messages waiting to be displayed to the user cannot be shown on the user lock screen, simply because the user lock screen doesn’t exist on Windows® 8. Likewise, on Windows® 10 if either the “RunOnTopOfMetro” DWORD registry value for the message windows or the ticker are set to a value different to 1, parts of the IDERI note client user interface will not be shown on the user lock screen. In order to give users a visual cue, that IDERI note messages of some sort are waiting on the locked desktop of the logged in user, a notification message will be shown on the Windows® logon screen as in figure 7.24.

A message notification shown on the Windows® logon screen

Figure 7.24: A message notification shown on the Windows® logon screen

If such a notification window is dismissed by clicking the link button labeled “Remind me later”, the notification will reappear after 60 seconds. The timeout value for reappearance of such notifications is controlled by the “WLNDelay” DWORD registry value (see table inotecln.exe Registry Values) and the MSI property “WLNDELAY” (see table intclnt.msi MSI properties). If the notification is dismissed by clicking on the close symbol in the upper right corner, a notification window will only appear if any of the messages to be displayed on the user desktop changes.

Showing a message notification on the Windows® logon screen can be disabled with the “AllowWinlogonNotifications” DWORD registry value (see table inotecln.exe Registry Values) and the MSI property “ALLOW_WLN_NOTIFICATIONS” (see table intclnt.msi MSI properties).