Window Station and Desktop Creation

The system automatically creates the interactive window station. When an interactive user logs on, the system associates the interactive window station with the user logon session. The system also creates the default input desktop for the interactive window station (Winsta0\default). Processes started by the logged-on user are associated with the Winsta0\default desktop.

A process can use the CreateWindowStation function to create a new window station, and the CreateDesktop or CreateDesktopEx function to create a new desktop. The number of desktops that can be created is limited by the size of the system desktop heap. For more information, see CreateDesktop.

When a noninteractive process such as a service application attempts to connect to a window station and no window station exists for the process logon session, the system attempts to create a window station and desktop for the session. The name of the created window station is based on the logon session identifier, and the desktop is named default, as described here:

  • If a service is running in the security context of the LocalSystem account but does not include the SERVICE_INTERACTIVE_PROCESS attribute, it uses the following window station and desktop: Service-0x0-3e7$\default. This window station is not interactive, so the service cannot display a user interface. In addition, processes created by the service cannot display a user interface.
  • If the service is running in the security context of a user account, the name of the window station is based on the user SID and has the form Service-0xZ1-Z2$, where Z1 is the high part of the logon SID and Z2 is the low part of the logon SID. Because a SID is unique to the logon session, two services running in the same security context receive unique window stations. These window stations are not interactive.
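
The naming rules above can be checked mechanically when triaging which window station a process is attached to. The following is an added example, not code from the original page: `winsta_info`, `parse_winsta` and `ieq` are hypothetical names, the sample strings are constructed, and case-insensitive matching of the station name is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for a "WindowStation\Desktop" string. */
typedef struct {
    int interactive;       /* 1 only for Winsta0 */
    int service_station;   /* 1 if the station matches Service-0xZ1-Z2$ */
    int local_system;      /* 1 for Service-0x0-3e7$ (LocalSystem, per the text) */
    unsigned long z1, z2;  /* high and low parts taken from the name */
    char desktop[64];      /* desktop name after the backslash, if any */
} winsta_info;

/* Assumption: station names are compared case-insensitively. */
static int ieq(const char *a, const char *b) {
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == *b;
}

/* Returns 0 on success, -1 if the station part is empty or too long. */
int parse_winsta(const char *s, winsta_info *out) {
    char ws[64];
    unsigned long z1 = 0, z2 = 0;
    int n = -1;
    const char *sep = strchr(s, '\\');
    size_t wlen = sep ? (size_t)(sep - s) : strlen(s);
    memset(out, 0, sizeof *out);
    if (wlen == 0 || wlen >= sizeof ws) return -1;
    memcpy(ws, s, wlen);
    ws[wlen] = '\0';
    if (sep) snprintf(out->desktop, sizeof out->desktop, "%s", sep + 1);
    out->interactive = ieq(ws, "Winsta0");
    /* %n is stored only once the trailing '$' matched; it must also end the name. */
    if (sscanf(ws, "Service-0x%lx-%lx$%n", &z1, &z2, &n) == 2 && n == (int)wlen) {
        out->service_station = 1;
        out->z1 = z1; out->z2 = z2;
        out->local_system = (z1 == 0 && z2 == 0x3e7);
    }
    return 0;
}

int main(void) {
    /* Constructed samples; the third uses a made-up logon session value. */
    const char *samples[] = { "Winsta0\\default", "Service-0x0-3e7$\\default", "Service-0x0-1a2b3c$\\default" };
    winsta_info i;
    for (size_t k = 0; k < sizeof samples / sizeof *samples; k++)
        if (parse_winsta(samples[k], &i) == 0)
            printf("%s: interactive=%d service=%d localsystem=%d\n", samples[k], i.interactive, i.service_station, i.local_system);
    return 0;
}
```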

The discretionary access control list (DACL) for the window station and desktop includes the following access rights for the service's user account:

Window Station: