starred/terminal
1
0
Fork 0
mirror of https://github.com/microsoft/terminal.git synced 2026-02-04 05:35:20 +00:00
Code Issues 19.0k Packages Projects Releases 20 Wiki Activity

Ability to Lock the terminal #23294

New Issue
Closed
opened 2026-01-31 08:38:00 +00:00 by claunia · 9 comments
claunia commented 2026-01-31 08:38:00 +00:00
Owner
Copy Link

Originally created by @kilasuit on GitHub (May 23, 2025).

Description of the new feature

Many applications can allow for a application level locking mechanism, which should enable a user to still work on other tings and lock user interaction with the terminal

This would allow for a open Admin terminal that can be locked/unlocked as needed and improve flexibility in administrative tasks.

As Security consious IT Admin/Dev I would find this feature extremely useful & I'm sure plenty others would too.

Optionally this could tap into Windows Hello for the lock/unlock process that tools like 1Password have integrated with already today.

Proposed technical implementation details

A locked and optionally blurred terminal that via opt-in features cannot be captured by screen recording tools
Integration with Windows Hello or via a Terminal specific Pin (ideally a per session pin) to unlock
Additional lock/unlocking mechanisms like via keybindings or by specific events particularly those like network changes or the addition/removal/enabling/disabling of devices, the time of day and whether or not in a call/meeting and you are screen sharing.

Originally created by @kilasuit on GitHub (May 23, 2025). ### Description of the new feature Many applications can allow for a application level locking mechanism, which should enable a user to still work on other tings and lock user interaction with the terminal This would allow for a open Admin terminal that can be locked/unlocked as needed and improve flexibility in administrative tasks. As Security consious IT Admin/Dev I would find this feature extremely useful & I'm sure plenty others would too. Optionally this could tap into Windows Hello for the lock/unlock process that tools like 1Password have integrated with already today. ### Proposed technical implementation details A locked and optionally blurred terminal that via opt-in features cannot be captured by screen recording tools Integration with Windows Hello or via a Terminal specific Pin (ideally a per session pin) to unlock Additional lock/unlocking mechanisms like via keybindings or by specific events particularly those like network changes or the addition/removal/enabling/disabling of devices, the time of day and whether or not in a call/meeting and you are screen sharing.
claunia added the Issue-FeatureNeeds-TriageNeeds-Tag-FixNeeds-Attention labels 2026-01-31 08:38:01 +00:00
claunia commented 2026-01-31 08:38:03 +00:00
Author
Owner
Copy Link

@zadjii-msft commented on GitHub (May 23, 2025):

Perhaps like, a "Read only mode"/?

@zadjii-msft commented on GitHub (May 23, 2025): Perhaps like, a "[Read only mode](https://learn.microsoft.com/en-us/windows/terminal/customize-settings/actions#mark-a-pane-as-read-only)"/?
claunia commented 2026-01-31 08:38:03 +00:00
Author
Owner
Copy Link

@kilasuit commented on GitHub (May 23, 2025):

Whilst that could be 1 possible option I'd more like it to be like an RDP session in that it can continue doing what it's doing with no ability for any other process to see what's drawn to the terminals window unless it's in an unlocked mode, especially as this is an area that with Recall and other potential tooling that does screen capture there'll be a need to allow/disallow over the shoulder views/recording of terminal windows especially those that have full local device Administrative sessions open.

@kilasuit commented on GitHub (May 23, 2025): Whilst that could be 1 possible option I'd more like it to be like an RDP session in that it can continue doing what it's doing with no ability for any other process to see what's drawn to the terminals window unless it's in an unlocked mode, especially as this is an area that with Recall and other potential tooling that does screen capture there'll be a need to allow/disallow `over the shoulder` views/recording of terminal windows especially those that have full local device Administrative sessions open.
claunia commented 2026-01-31 08:38:04 +00:00
Author
Owner
Copy Link

@kilasuit commented on GitHub (May 23, 2025):

I would also want like a win+l key binding for WinTerminal if that makes more sense

@kilasuit commented on GitHub (May 23, 2025): I would also want like a win+l key binding for WinTerminal if that makes more sense
claunia commented 2026-01-31 08:38:04 +00:00
Author
Owner
Copy Link

@kilasuit commented on GitHub (May 23, 2025):

@zadjii-msft Have updated with some more tech implementation details, hope that's more helpful!

@kilasuit commented on GitHub (May 23, 2025): @zadjii-msft Have updated with some more tech implementation details, hope that's more helpful!
claunia commented 2026-01-31 08:38:05 +00:00
Author
Owner
Copy Link

@jamespack commented on GitHub (May 25, 2025):

Although cool, this would be practically useless in my organization. Our administrative tasks are performed by a separate user account typically either in a fully administrative context where if we were to step away the whole machine would need to be locked or an elevated context where when the task is finished, we leave, and the elevated context is killed. Would never be locked and left with the user. Even when we are running elevated tasks from our desks on against remote computers if we need to step away we are required to lock the machine. I'm sure Orgs are mostly gonna opt out of recall anyway through GPO.

@jamespack commented on GitHub (May 25, 2025): Although cool, this would be practically useless in my organization. Our administrative tasks are performed by a separate user account typically either in a fully administrative context where if we were to step away the whole machine would need to be locked or an elevated context where when the task is finished, we leave, and the elevated context is killed. Would never be locked and left with the user. Even when we are running elevated tasks from our desks on against remote computers if we need to step away we are required to lock the machine. I'm sure Orgs are mostly gonna opt out of recall anyway through GPO.
claunia commented 2026-01-31 08:38:05 +00:00
Author
Owner
Copy Link

@kilasuit commented on GitHub (May 27, 2025):

@jamespack I wasn't thinking of the "walking away from a machine" scenario but more the scenario where you have mulitple open active (local or remote) sessions and you want some additional protection from accidently running something in a session you weren't intending to or worse some malious code is able to hyjack those sesions and play it's "invoke-chaos" card.

I can today sorta isolate by using virtual desktops, but they also aren't locked unless they are a remote session whether to a local or remote machine. This also doesn't add additional reattestation layers of Oh yes you are the admin before being able to continue & potentially shoot yourself in the foot with by running destructive commands (like the funzie of rm -rf mistakes etc)

@kilasuit commented on GitHub (May 27, 2025): @jamespack I wasn't thinking of the "walking away from a machine" scenario but more the scenario where you have mulitple open active (local or remote) sessions and you want some additional protection from accidently running something in a session you weren't intending to or worse some malious code is able to hyjack those sesions and play it's "invoke-chaos" card. I can today sorta isolate by using virtual desktops, but they also aren't locked unless they are a remote session whether to a local or remote machine. This also doesn't add additional reattestation layers of `Oh yes you are the admin` before being able to continue & potentially shoot yourself in the foot with by running destructive commands (like the funzie of rm -rf mistakes etc)
claunia commented 2026-01-31 08:38:05 +00:00
Author
Owner
Copy Link

@jamespack commented on GitHub (May 28, 2025):

The "cheddar bob" use case I can get behind.

Im the king of shooting myself in the foot. lol

@jamespack commented on GitHub (May 28, 2025): The "cheddar bob" use case I can get behind. Im the king of shooting myself in the foot. lol
claunia commented 2026-01-31 08:38:06 +00:00
Author
Owner
Copy Link

@DHowett commented on GitHub (May 28, 2025):

If I'm reading the request properly, this is "read-only mode" but with a password--potentially the user's session password--stopping you from turning it off.

So, read-only mode is in the command palette:

Image

When you type,

Image

you want some additional protection from accidently running something in a session you weren't intending to

I know you rejected read-only mode before, but this is exactly what it's for 🙂

some malicious code is able to hyjack those sesions and play it's "invoke-chaos" card

I legitimately do not think that we should handle user credentials or introduce an in-process security boundary to prevent medium-integrity malware from interfering with Terminal, who is also at medium integrity level. If there is malicious code running as your user, it can already attach to Terminal and defeat any in-process protections we might add.

For the rest... it's clever to have a live-updating blurred view of the window unlockable by a keystroke or password, but not something we're likely to invest in or want to maintain. I'm sorry.

@DHowett commented on GitHub (May 28, 2025): If I'm reading the request properly, this is "read-only mode" but with a password--potentially the user's session password--stopping you from turning it off. So, read-only mode is in the command palette: ![Image](https://github.com/user-attachments/assets/d10fd3c4-530d-42dd-ac84-af05c280d867) When you type, ![Image](https://github.com/user-attachments/assets/8fd6e8b7-6fcb-4f7c-8796-6ad86e110974) > you want some additional protection from accidently running something in a session you weren't intending to I know you rejected read-only mode before, but this is exactly what it's for 🙂 > some malicious code is able to hyjack those sesions and play it's "invoke-chaos" card I legitimately do not think that we should handle user credentials or introduce an in-process security boundary to prevent medium-integrity malware from interfering with Terminal, who is also at medium integrity level. If there is malicious code running as your user, _it can already attach to Terminal_ and defeat any in-process protections we might add. For the rest... it's clever to have a live-updating blurred view of the window unlockable by a keystroke or password, but not something we're likely to invest in or want to maintain. I'm sorry.
claunia commented 2026-01-31 08:38:06 +00:00
Author
Owner
Copy Link

@kilasuit commented on GitHub (May 28, 2025):

That's fair - though let me expand a bit more around how & why this would be useful particularly in the following areas, I get the potential to defeat protections but we must make sure we put as many layers as we can, where we can.

Though the uses of having this

  • Invoking a Prank across your team or do we not play these games on each other anymore (RIP Rickrolling if so) - which argably is malicious but in the "approved" lists
  • enforcing breaks by adding further restriction mechanisms (perhaps location or Time bound/ScriptInitiated/locally/remotely)
  • Adds Parent -> Child / Admin -> standard user additional protections
  • Allows proper backgrounding of a task where you may be an environment where additional privacy on what you are doing is important by not leaking anything to the screen at all, which read-only doesn't today.

I'd definitely want there to be lock mechanism which can either be seperate to the current user credentials (ala App specific) or can make use of any other mechanism including hardware tokens like yubikeys or WinHello biometrics, but I want as a feature on all apps not just terminal so that can lock everything even down to tabs in vscode/browsers with each having individual lock/unlock mechanisms, not limited to just the ones to we have today & to instead have things like additional Pin unlock / location aware Pin unlock as to give more flexiblity but also give more security too.

I know that's the utter extreme vision, but gotta dream big on these things & find what's at least workable for now, which a mix of virtual desktops and read-only mode and moving that terminal to one of another virtual desktop will have to do for now at least. Though I have raised this feedback in feedback hub for locking a virtual desktop.

I almost forgot that Remote Desktop Manager by Devolutions does a session lock & hosts Win Terminal, so this will also work for me today too

Also looks to be a thing on linux with vlock

I know you've said that but not something we're likely to invest in or want to maintain. I'm sorry but I see from a look in the PR's you have terminal extensions, so perhaps this could be something that the community can potentially build and add as an evolution to the ReadOnly mode today via an extension.

Which sounds like a hard but interesting challenge & why I do understand @DHowett why you'd be hesitant on accepting this natively into WinTerminal (at least at this time)
Hope additional backgound for anyone reading is helpful.

@kilasuit commented on GitHub (May 28, 2025): That's fair - though let me expand a bit more around how & why this would be useful particularly in the following areas, I get the potential to defeat protections but we must make sure we put as many layers as we can, where we can. Though the uses of having this - Invoking a Prank across your team or do we not play these games on each other anymore (RIP Rickrolling if so) - which argably is malicious but in the "approved" lists - enforcing breaks by adding further restriction mechanisms (perhaps location or Time bound/ScriptInitiated/locally/remotely) - Adds Parent -> Child / Admin -> standard user additional protections - Allows proper backgrounding of a task where you may be an environment where additional privacy on what you are doing is important by not leaking anything to the screen at all, which read-only doesn't today. I'd definitely want there to be lock mechanism which can either be seperate to the current user credentials (ala App specific) or can make use of any other mechanism including hardware tokens like yubikeys or WinHello biometrics, but I want as a feature on all apps not just terminal so that can lock everything even down to tabs in vscode/browsers with each having individual lock/unlock mechanisms, not limited to just the ones to we have today & to instead have things like [additional Pin unlock / location aware Pin unlock](https://aka.ms/AAweaor) as to give more flexiblity but also give more security too. I know that's the utter extreme vision, but gotta dream big on these things & find what's at least workable for now, which a mix of virtual desktops and read-only mode and moving that terminal to one of another virtual desktop will have to do for now at least. Though I have raised this [feedback in feedback hub](https://aka.ms/AAweexe) for locking a virtual desktop. I almost forgot that Remote Desktop Manager by Devolutions does a session lock & hosts Win Terminal, so this will also work for me today too Also looks to be a [thing on linux with vlock](https://www.makeuseof.com/how-to-lock-linux-terminal-with-vlock/) I know you've said that `but not something we're likely to invest in or want to maintain. I'm sorry` but I see from a look in the PR's you have terminal extensions, so perhaps this could be something that the community can potentially build and add as an evolution to the ReadOnly mode today via an extension. Which sounds like a hard but interesting challenge & why I do understand @DHowett why you'd be hesitant on accepting this natively into WinTerminal (at least at this time) Hope additional backgound for anyone reading is helpful.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Reserved
A11yCO
A11yMAS
A11ySev1
A11ySev2
A11ySev3
A11yTTValidated
A11yUsable
A11yVoiceAccess
A11yWCAG
Area-Accessibility
Area-AtlasEngine
Area-AzureShell
Area-Build
Area-Build
Area-Chat
Area-CmdPal
Area-CodeHealth
Area-Commandline
Area-CookedRead
Area-DefApp
Area-Extensibility
Area-Fonts
Area-GroupPolicy
Area-i18n
Area-Input
Area-Interaction
Area-Interop
Area-Localization
Area-Output
Area-Performance
Area-Portable
Area-Quality
Area-Remoting
Area-Rendering
Area-Schema
Area-Server
Area-Settings
Area-SettingsUI
Area-ShellExtension
Area-ShellExtension
Area-ShellExtension
Area-Suggestions
Area-Suggestions
Area-TerminalConnection
Area-TerminalControl
Area-Theming
Area-UserInterface
Area-VT
Area-Windowing
Area-WPFControl
AutoMerge
Blocking-Ingestion
Culprit-Centennial
Culprit-WinUI
Disability-All
Disability-Blind
Disability-LowVision
Disability-Mobility
External-Blocked-WinUI3
Fixed
Gathering-Data
good first issue
HCL-E+D
HCL-WindowsTerminal
Help Wanted
Impact-Compatibility
Impact-Compliance
Impact-Correctness
Impact-Visual
In-PR
InclusionBacklog
InclusionBacklog-Windows TerminalWin32
InclusionCommitted-202206
Issue-Bug
Issue-Docs
Issue-Feature
Issue-Feature
Issue-Question
Issue-Samples
Issue-Scenario
Issue-Task
Needs-Attention
Needs-Author-Feedback
Needs-Bisect
Needs-Discussion
Needs-Repro
Needs-Tag-Fix
Needs-Tag-Fix
Needs-Triage
No-Recent-Activity
Priority-0
Priority-1
Priority-2
Priority-3
Product-Cmd.exe
Product-Colortool
Product-Colortool
Product-Colortool
Product-Conhost
Product-Conpty
Product-Meta
Product-Powershell
Product-Terminal
Product-WSL
pull-request
Mirrored from GitHub Pull Request
 Resolution-Answered
Resolution-By-Design
Resolution-Duplicate
Resolution-External
Resolution-Fix-Available
Resolution-Fix-Committed
Resolution-No-Repro
Resolution-Won't-Fix
Severity-Blocking
Severity-Crash
Severity-DataLoss
spam
this-will-be-a-breaking-change
Tracking-External
WindowsTerminal_Win32
Work-Item
zAskModeBug
zInbox-Bug
No Label Issue-Feature Needs-Attention Needs-Tag-Fix Needs-Triage
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/terminal#23294
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?