Window Station and Desktop Creation
The system automatically creates the interactive window station. When an interactive user logs on, the system associates the interactive window station with the user logon session. The system also creates the default input desktop for the interactive window station (Winsta0\default). Processes started by the logged-on user are associated with the Winsta0\default desktop.
A process can use the CreateWindowStation function to create a new window station, and the CreateDesktop or CreateDesktopEx function to create a new desktop. The number of desktops that can be created is limited by the size of the system desktop heap. For more information, see CreateDesktop.
When a noninteractive process such as a service application attempts to connect to a window station and no window station exists for the process logon session, the system attempts to create a window station and desktop for the session. The name of the created window station is based on the logon session identifier, and the desktop is named default, as described here:
- If a service is running in the security context of the LocalSystem account but does not include the SERVICE_INTERACTIVE_PROCESS attribute, it uses the following window station and desktop: Service-0x0-3e7$\default. This window station is not interactive, so the service cannot display a user interface. In addition, processes created by the service cannot display a user interface.
- If the service is running in the security context of a user account, the name of the window station is based on the user SID Service-0xZ1-Z2$, where Z1 is the high part of the logon SID and Z2 is the low part of the logon SID. Because a SID is unique to the logon session, two services running in the same security context receive unique window stations. These window stations are not interactive.
The discretionary access control list (DACL) for the window station and desktop includes the following access rights for the service's user account:
Window Station:
- WINSTA\_ACCESSCLIPBOARD
WINSTA\_ACCESSGLOBALATOMS
WINSTA\_CREATEDESKTOP
WINSTA\_EXITWINDOWS
WINSTA\_READATTRIBUTES
STANDARD\_RIGHTS\_REQUIRED
Desktop:
- DESKTOP\_CREATEMENU
DESKTOP\_CREATEWINDOW
DESKTOP\_ENUMERATE
DESKTOP\_HOOKCONTROL
DESKTOP\_READOBJECTS
DESKTOP\_WRITEOBJECTS
STANDARD\_RIGHTS\_REQUIRED
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for