Why isn’t the original window order always preserved when you undo an Aero Shake?

A customer reported that when they used Aero Shake to minimize all the windows on their desktop, and then used it again to restore all the windows, the restored windows didn't always have exactly the same z-order as they did originally. The customer wanted to know whether this was expected.

It's not expected, but it's not unexpected either.

Aero Shake is a shortcut for the Minimize All and Undo Minimize All commands, and consequently it is subject to all the same constraints as those commands. In particular, it makes a best-effort attempt to restore the windows in the correct order, but if there's a window that is slow to restore, Explorer doesn't sit around and wait for the window to finish restoring. It just moves ahead and restores the next window. That way, a hung app doesn't prevent Explorer from restoring your windows.

Comments (25)
  1. Muzer says:

    Is there a way for an individual user to disable it on their computer connected to a corporate network? It’s by far Windows’s most annoying feature for me, since it’s far too easy to accidentally trigger. The answer is obviously “Group Policy”, but (though I don’t understand this very much) I don’t believe I can set a local override for group policy on a machine that’s on a corporate domain. Should I just be one of those evil people who directly edits an undocumented setting in the registry?

    1. Chris says:

      You can’t override domain group policy locally, and even registry editing will get overridden the next time GP is synced.

      However, it’s also unlikely that your domain administrator actually *set* a policy regarding Aero Shake, if it’s not disabled, in which case, you can go ahead and add a local policy to disable it. (Local policy doesn’t trump domain policy, but it’s possible domain policy doesn’t exist wrt the Aero Shake option)

      1. Joshua says:

        The trick to making GP overrides stick is to find the registry storage location for the policy in question, and deny SYSTEM write access to it with an explicit deny rule.

        1. Nick says:

          This is either amazing satire or horrifying hackery but I’m not sure which.

          1. If an organization is going to use group policy but grant you local administrator access to your machine, then this is precisely what you’ve entitled your users to do. If you don’t want them mucking with the registry keys, then don’t grant local admin.

          2. cheong00 says:

            I hate to say, but that’s what I found I have to do to restore Windows Firewall, when the domain policy is set to disable it. (Instead of just deny SYSTEM write access to the location, I removed “Domain Admin” from local Administrators group too, re-enabled Windows Update, disabled “Server” service and does a little more “hardening”.)

            So in one incident that worms swamped the machines on our corporate network via VPN on router, my PC was not infected.

          3. cheong00 says:

            I know this is probably not the right way to do, but just like what I said the relevant discussion in Channel 9, I really think for a number of policy in “Group Policy”, local administrator should be able to override it with a more “secure” option.

        2. alegr1 says:

          Doesn’t SYSTEM have SE_TCB privilege to bypass all access checks?

          1. Chris says:

            SE_TCB doesn’t bypass access checks for you, or for SYSTEM. SE_TCB allows whatever holds the privilege to generate logon tokens, and make arbitrary modifications to its own token’s privileges.

            It is possible to manually bypass access checks if you have the SE_TCB privilege(by generating and using an access token that DOES have access to the object in question), but it doesn’t automatically bypass it.

            If you deny SYSTEM access to something, the SYSTEM account will, by default, be unable to access it. SYSTEM could use its special privileges to get around that; but so could an account running as local admin. (Local admin can use the SE_TAKE_OWNERSHIP privilege, grab ownership of the object, and modify the permissions.) While possible, the system isn’t designed to do that automatically.

      2. Muzer says:

        I see, thanks for explaining, that makes sense. The issue (as explained below) is I can’t seem to open the group policy editor at all, because of (wait for it) group policy. I have, however, enabled the manual, evil, registry tweak. Next time my computer reboots (too much effort to restart explorer…) I’ll see if it’s worked.

        1. JDG says:

          Restarting Explorer is actually easier than you think. Give the task bar focus and press Alt+F4. A window will appear asking you how you want to shut down. Hold down Ctrl+Alt+Shift and click Cancel, and presto, Explorer does a clean shut down immediately. You can use the Task Manager or a console window to relaunch explorer.exe to get it back.

          1. GL says:

            Wow but how did you come to know this trick? This is amazing because in Windows 10, you cannot just kill explorer in Task Manager — it will restart (even after successive killing). This trick works like a charm!

          2. GL says:

            Was fiddling with this. I noted that if you hold Ctrl+Shift while right-clicking the taskbar, the context menu has “Exit Explorer”, which is even easier.

            But what I found more interesting is that after Explorer has shut down, if I run start explorer -verb runas in PowerShell, and allow UAC to elevate Explorer, the new Explorer will still be unelevated. According to Raymond’s https://blogs.msdn.microsoft.com/oldnewthing/20131118-00/?p=2643/ if you want to run unelevated when you’re elevated, you normally use the running Explorer. But now there isn’t such Explorer, I guess Explorer must have been using some more interesting tricks.

            Moreover, I found that the actual running Explorer has /NOUACCHECK in its command line and I tried start explorer -arg /NOUACCHECK -verb runas, and the resulting instance is still unelevated, and displays a folder (My Documents, of course), and will not quit after I close the folder.

            May I ask Raymond to write an entry on this?

    2. Tim says:

      gpedit.msc > User Configuration > Administrative Templates > Desktop > Turn off Aero Shake window minimizing mouse gesture

    3. GL says:

      I don’t think you can use gpedit.msc without administrative privilege…? If that is indeed the case, I don’t think there’s much one can do instead of tweaking the registry.

      It is interesting that Microsoft (Korea) has the registry tweak information available in a KB article https://support.microsoft.com/ko-kr/help/976958

      1. Chris says:

        Don’t most of the policy registry changes happen in HKLM anyway?

        If they happen there, then you need admin privileges to change the settings manually, anyway.

        1. GL says:

          Small tweaks like this are in HKCU. There’s still chance for the user ;-)

          1. Joshua says:

            Don’t even need admin then. Copy off ntuser.DAT, edit by load hive on another computer, copy back.

          2. GL says:

            But why would you like to copy ntuser.dat when you could reg, .reg, Registry PSProvider or regedit?

          3. Joshua says:

            @GL: The one I targeted before had permissions on the registry key set such that I couldn’t edit it. Lot of good that did. The real trick was replacing ntuser.dat; had to fake the system out to get code running without the file being locked.

      2. Muzer says:

        I can get local admin privileges but the group policy snap-in is denied by group policy, so I can’t use gpedit.msc (unless running it as admin doesn’t actually run it as admin, or something weird).

    4. Ben N says:

      For what it’s worth, the relevant setting is the “NoWindowMinimizingShortcuts” value (set it to 1) under “HKCU\Software\Policies\Microsoft\Windows\Explorer”. I’m not sure if it’ll survive a Group Policy sync, and you need local admin to write to that part, but it might be worth a shot. Though it’s probably undocumented, it’s extremely unlikely to change, since the Group Policy Editor’s administrative template specifies the Registry locations, and any change would break the policy’s backward compatibility.

      Shameless self-promotion: you can figure out the Registry effects of any policy with the Element Inspector tool of my open-source tool Policy Plus. Policy Plus can also edit the local GPO (Registry.pol), so there’s a chance it will do the job even if the LGPE is disabled by Group Policy.

  2. xpclient says:

    If only they have given us a button on each window to minimize all background windows, I might’ve used this feature. Or maybe a right click on the Minimize button. The silliness and discomfort of shaking makes it annoying. Win+M requires two fingers.

    1. Entegy says:

      Windows+Home minimizes all background windows. Has since Windows 7, same OS that introduced shake.

      1. xpclient says:

        Yes Win+Home I know that’s Left Win+Fn+=Home. Super convenient because it’s just one keystroke that I can hit without even looking at the keyboard :D

Comments are closed.

Skip to main content