
Looking Glass Optimization: Bypassing Secure Desktop

On December 14, 2017, Geoffrey McRae, commonly known as gnif, released his highly anticipated Looking Glass software. Looking Glass utilizes a new technology called KVMFR (Kernel Virtual Machine Frame Relay) that allows the framebuffer of a dedicated GPU being used by a Windows virtual machine to be copied onto the host display. This enables the use of GPU-passthrough for gaming on Windows virtual machines without a dedicated monitor for the virtual machine.


Demystifying Looking Glass

Despite being in its early alpha stages, Looking Glass is a very impressive piece of technology. Of course, the software has some limitations. Some of them come from a Windows security feature called the secure desktop. The secure desktop is a desktop environment separate from the normal userspace. Windows uses it for screens on which the user enters sensitive data that needs to be kept secure.

Unfortunately, it is impossible for user programs to gain control over the secure desktop, so Looking Glass does not work when the secure desktop is being used. This is a rather large limitation considering the secure desktop is used during UAC prompts and on the shutdown, restart, lock, and Ctrl+Alt+Delete screens. While there isn’t a solution to accessing all of these screens, there are workarounds to bypass the secure desktop on the two most important screens, the login screen and the UAC prompt.

Bypassing The Windows Login Screen

  1. Open the Run dialog by pressing R while holding the Windows key.
  2. Type “netplwiz” to open the User Accounts dialog.
  3. Select your username under “Users for this computer:”.
  4. Deselect the “Users must enter a username and password to use this computer.” option.
  5. Click Apply and enter your password twice where prompted.
  6. The next time you turn on the virtual machine, you will boot straight into your desktop without entering a password.


Note: Be sure to run the Looking Glass program upon startup by adding the path to the program as a string value in “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” using regedit. This allows Looking Glass to be used without needing to switch to the guest’s physical display.

Interacting with UAC prompts

In addition to the login screen, the secure desktop is also used when a UAC prompt is displayed on the screen. These prompts are fairly common when running Windows programs, so not being able to interact with them is a big limitation. Fortunately, the secure desktop can be completely disabled for UAC prompts. With it disabled, the elevation prompt is drawn on the normal user desktop, where Looking Glass can capture it.

  1. Open the Windows search menu and search for “Local Security Policy”.
  2. Open Local Security Policy and navigate to Local Policies > Security Options.
  3. Double-click “User Account Control: Switch to the secure desktop when prompting for elevation” and set it to Disabled.
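
The Local Security Policy snap-in is not present on Home editions of Windows, and all three changes above end up as registry values, so they can be checked (and the two HKLM ones applied) from PowerShell. The script below is an added example, not part of the original tutorial or of Looking Glass; the install path is a placeholder and the Run value name `LookingGlass` is an assumption.

```powershell
# Added example (not from the original article). Run from an elevated
# PowerShell session inside the Windows guest.
param(
    # Placeholder: the article does not give the install path of the
    # Looking Glass program that runs in the guest.
    [string]$LookingGlassPath = 'C:\Path\To\looking-glass-host.exe',
    # Without -Apply the script only reports the current state.
    [switch]$Apply
)

$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$winlogon  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runName   = 'LookingGlass'   # assumed value name; any unique name works

# Read one registry value, returning $null when it does not exist.
function Get-RegValue([string]$Path, [string]$Name) {
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

if ($Apply) {
    if (-not (Test-Path -LiteralPath $LookingGlassPath)) {
        throw "Looking Glass program not found at '$LookingGlassPath'"
    }
    # String value under the Run key: started at every user logon.
    # The path is quoted so that spaces in it are handled correctly.
    Set-ItemProperty -Path $runKey -Name $runName `
        -Value "`"$LookingGlassPath`"" -Type String
    # Registry form of "User Account Control: Switch to the secure desktop
    # when prompting for elevation": 0 = Disabled, 1 = Enabled.
    Set-ItemProperty -Path $policyKey -Name 'PromptOnSecureDesktop' `
        -Value 0 -Type DWord
}

# Report the state of all three settings the tutorial changes.
[pscustomobject]@{
    # '1' after the netplwiz steps (automatic logon); read-only here,
    # because netplwiz also stores the password for you.
    AutoAdminLogon        = Get-RegValue $winlogon 'AutoAdminLogon'
    DefaultUserName       = Get-RegValue $winlogon 'DefaultUserName'
    RunEntry              = Get-RegValue $runKey $runName
    # 0 = UAC prompts appear on the normal desktop; 1 or missing = secure desktop.
    PromptOnSecureDesktop = Get-RegValue $policyKey 'PromptOnSecureDesktop'
} | Format-List
```

Running it without `-Apply` after following the steps by hand is a quick way to confirm the guest is in the expected state before disconnecting its physical display.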


Once this is done, you should have a much better time working with Looking Glass in your headless Windows guest.


December 23rd, 2017 | All Articles, Tutorials

About the Author:

A longstanding member of the VFIO community. Currently pursuing a Computer Engineering degree with a passion for technology.