Window Stations and Desktops 2

 

 

 

 

 

Window Station and Desktop Creation

 

The system automatically creates the interactive window station. When an interactive user logs on, the system associates the interactive window station with the user logon session. The system also creates the default input desktop for the interactive window station (Winsta0\default). Processes started by the logged-on user are associated with the Winsta0\default desktop.

A process can use the CreateWindowStation() function to create a new window station, and the CreateDesktop() or CreateDesktopEx() function to create a new desktop. The number of desktops that can be created is limited by the size of the system desktop heap.

When a noninteractive process such as a service application attempts to connect to a window station and no window station exists for the process logon session, the system attempts to create a window station and desktop for the session. The name of the created window station is based on the logon session identifier, and the desktop is named default, as described here:

 

  1. If a service is running in the security context of the LocalSystem account but does not include the SERVICE_INTERACTIVE_PROCESS attribute, it uses the following window station and desktop: Service-0x0-3e7$\default. This window station is not interactive, so the service cannot display a user interface. In addition, processes created by the service cannot display a user interface.
  2. If the service is running in the security context of a user account, the name of the window station is based on the user SID and takes the form Service-0xZ1-Z2$, where Z1 is the high part of the logon SID and Z2 is the low part of the logon SID. Because a SID is unique to the logon session, two services running in the same security context receive unique window stations. These window stations are not interactive.
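The naming rule above can be turned into a check on where a service process is actually attached. The following is an added example, not code from the original page: the function names and return codes are hypothetical, and the observed "winsta\desktop" string is assumed to have been collected already (for instance from process inspection tooling).

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build "Service-0xZ1-Z2$" from the high (Z1) and low (Z2) parts of the
   logon session identifier, the form the page gives for service sessions. */
static void service_winsta_name(uint32_t high, uint32_t low, char *out, size_t cap) {
    snprintf(out, cap, "Service-0x%x-%x$", (unsigned)high, (unsigned)low);
}

/* Case-insensitive string equality (window station names are compared this way here). */
static int ieq(const char *a, const char *b) {
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
        a++; b++;
    }
    return *a == *b;
}

/* Classify an observed "winsta\desktop" string for a service logon session.
   Hypothetical return codes: 0 = expected noninteractive station,
   1 = interactive WinSta0, 2 = some other station, -1 = no station part. */
int classify_service_desktop(uint32_t high, uint32_t low, const char *observed) {
    char expected[64], station[64];
    const char *sep = strchr(observed, '\\');
    if (!sep || sep == observed) return -1;
    size_t n = (size_t)(sep - observed);
    if (n >= sizeof station) return 2;
    memcpy(station, observed, n);
    station[n] = '\0';
    service_winsta_name(high, low, expected, sizeof expected);
    if (ieq(station, expected)) return 0;
    if (ieq(station, "WinSta0")) return 1;
    return 2;
}

int main(void) {
    /* Constructed observations for a LocalSystem service (session 0x0:0x3e7). */
    const char *samples[] = { "Service-0x0-3e7$\\default", "WinSta0\\Default" };
    for (size_t i = 0; i < 2; i++)
        printf("%-28s -> %d\n", samples[i],
               classify_service_desktop(0, 0x3e7, samples[i]));
    return 0;
}
```

A result of 1 for a service that is not configured with SERVICE_INTERACTIVE_PROCESS is the case worth reviewing, since the page states such a service should be on its own noninteractive station.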

 

The discretionary access control list (DACL) for the window station and desktop includes the following access rights for the service's user account:

 

Window Station:

 

  1. WINSTA_ACCESSCLIPBOARD
  2. WINSTA_ACCESSGLOBALATOMS
  3. WINSTA_CREATEDESKTOP
  4. WINSTA_EXITWINDOWS
  5. WINSTA_READATTRIBUTES
  6. STANDARD_RIGHTS_REQUIRED

 

Desktop:

 

  1. DESKTOP_CREATEMENU
  2. DESKTOP_CREATEWINDOW
  3. DESKTOP_ENUMERATE
  4. DESKTOP_HOOKCONTROL
  5. DESKTOP_READOBJECTS
  6. DESKTOP_WRITEOBJECTS
  7. STANDARD_RIGHTS_REQUIRED
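The two lists above form a baseline against which an access mask read from a window station or desktop DACL can be compared. The following is an added example, not code from the original page: the right values are the ones defined in winuser.h and winnt.h, repeated so the check builds on any platform, while the function names, table layout and sample masks are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Values from winuser.h / winnt.h, repeated so the check builds anywhere. */
#define STANDARD_RIGHTS_REQUIRED 0x000F0000u
typedef struct { uint32_t bit; const char *name; int in_baseline; } right_t;

static const right_t WINSTA[] = {
    {0x0001, "WINSTA_ENUMDESKTOPS", 0},    {0x0002, "WINSTA_READATTRIBUTES", 1},
    {0x0004, "WINSTA_ACCESSCLIPBOARD", 1}, {0x0008, "WINSTA_CREATEDESKTOP", 1},
    {0x0010, "WINSTA_WRITEATTRIBUTES", 0}, {0x0020, "WINSTA_ACCESSGLOBALATOMS", 1},
    {0x0040, "WINSTA_EXITWINDOWS", 1},     {0x0100, "WINSTA_ENUMERATE", 0},
    {0x0200, "WINSTA_READSCREEN", 0},      {0, NULL, 0}
};
static const right_t DESKTOP[] = {
    {0x0001, "DESKTOP_READOBJECTS", 1},   {0x0002, "DESKTOP_CREATEWINDOW", 1},
    {0x0004, "DESKTOP_CREATEMENU", 1},    {0x0008, "DESKTOP_HOOKCONTROL", 1},
    {0x0010, "DESKTOP_JOURNALRECORD", 0}, {0x0020, "DESKTOP_JOURNALPLAYBACK", 0},
    {0x0040, "DESKTOP_ENUMERATE", 1},     {0x0080, "DESKTOP_WRITEOBJECTS", 1},
    {0x0100, "DESKTOP_SWITCHDESKTOP", 0}, {0, NULL, 0}
};

/* Mask the page lists for the service account on this object type. */
uint32_t baseline_mask(const right_t *t) {
    uint32_t m = STANDARD_RIGHTS_REQUIRED;
    for (; t->name; t++) if (t->in_baseline) m |= t->bit;
    return m;
}

/* Bits an ACE grants beyond the baseline; prints each one when verbose. */
uint32_t excess_rights(const right_t *t, uint32_t granted, int verbose) {
    uint32_t extra = granted & ~baseline_mask(t), named = 0;
    for (const right_t *r = t; r->name; r++)
        if (extra & r->bit) { named |= r->bit; if (verbose) printf("  extra: %s\n", r->name); }
    if (verbose && (extra & ~named))  /* generic or otherwise unmapped bits */
        printf("  extra (unnamed bits): 0x%08x\n", (unsigned)(extra & ~named));
    return extra;
}

int main(void) {
    /* Constructed ACE masks, not taken from a real system. */
    uint32_t winsta_ace = 0x000F037Fu, desktop_ace = 0x000F00CFu;
    printf("window station ACE 0x%08x\n", (unsigned)winsta_ace);
    excess_rights(WINSTA, winsta_ace, 1);
    printf("desktop ACE 0x%08x\n", (unsigned)desktop_ace);
    if (!excess_rights(DESKTOP, desktop_ace, 1)) puts("  matches baseline");
    return 0;
}
```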

 

Process Connection to a Window Station

 

A process automatically establishes a connection to a window station and desktop when it first calls a USER32 or GDI32 function (other than the window station and desktop functions). The system determines the window station to which a process connects according to the following rules:

 

  1. If the process has called the SetProcessWindowStation() function, it connects to the window station specified in that call.
  2. If the process did not call SetProcessWindowStation(), it connects to the window station inherited from the parent process.
  3. If the process did not call SetProcessWindowStation() and did not inherit a window station, the system attempts to open for MAXIMUM_ALLOWED access and connect to a window station as follows:

 

    1. If a window station name was specified in the lpDesktop member of the STARTUPINFO structure that was used when the process was created, the process connects to the specified window station.
    2. Otherwise, if the process is running in the logon session of the interactive user, the process connects to the interactive window station.
    3. If the process is running in a noninteractive logon session, the window station name is formed based on the logon session identifier and an attempt is made to open that window station. If the open operation fails because this window station does not exist, the system tries to create the window station and a default desktop.

 

The window station assigned during this connection process cannot be closed by calling the CloseWindowStation() function. When a process is connecting to a window station, the system searches the process's handle table for inherited handles. The system uses the first window station handle it finds. If you want a child process to connect to a particular inherited window station, you must ensure that only the desired handle is marked inheritable. If a child process inherits multiple window station handles, the results of the window station connection are undefined. Handles to a window station that the system opens while connecting a process to a window station are not inheritable.

 

Thread Connection to a Desktop

 

After a process connects to a window station, the system assigns a desktop to the thread making the connection. The system determines the desktop to assign to the thread according to the following rules:

 

  1. If the thread has called the SetThreadDesktop() function, it connects to the specified desktop.
  2. If the thread did not call SetThreadDesktop(), it connects to the desktop inherited from the parent process.
  3. If the thread did not call SetThreadDesktop() and did not inherit a desktop, the system attempts to open for MAXIMUM_ALLOWED access and connect to a desktop as follows:

 

    1. If a desktop name was specified in the lpDesktop member of the STARTUPINFO structure that was used when the process was created, the thread connects to the specified desktop.
    2. Otherwise, the thread connects to the default desktop of the window station to which the process connected.

 

The desktop assigned during this connection process cannot be closed by calling the CloseDesktop() function. When a process is connecting to a desktop, the system searches the process's handle table for inherited handles. The system uses the first desktop handle it finds. If you want a child process to connect to a particular inherited desktop, you must ensure that only the desired handle is marked inheritable. If a child process inherits multiple desktop handles, the results of the desktop connection are undefined. Handles to a desktop that the system opens while connecting a process to a desktop are not inheritable.

 

 

 

 
