Windows provides three main categories of objects: kernel objects, user objects, and GDI objects.
Kernel objects are securable, while user objects and GDI objects are not. To provide additional security for user interface objects, they are managed through window stations and desktops, which are themselves securable objects. A window station is a securable object that is associated with a process and contains a clipboard, an atom table, and one or more desktop objects. A desktop is a securable object contained within a window station; it has a logical display surface and contains user interface objects such as windows, menus, and hooks.
A window station contains a clipboard, an atom table, and one or more desktop objects. Each window station object is a securable object. When a window station is created, it is associated with the calling process and assigned to the current session. The interactive window station, Winsta0, is the only window station that can display a user interface or receive user input. It is assigned to the logon session of the interactive user, and contains the keyboard, mouse, and display device. All other window stations are non-interactive, which means they cannot display a user interface or receive user input. When a user logs on to a Terminal Services-enabled computer, a session is started for the user. Each session is associated with its own interactive window station.
A desktop has a logical display surface and contains user interface objects such as windows, menus, and hooks; it can be used to create and manage windows. Each desktop object is a securable object. When a desktop is created, it is associated with the current window station of the calling process and assigned to the calling thread. Messages can be sent only between processes that are on the same desktop. In addition, the hook procedure of a process running on a particular desktop can only receive messages intended for windows created in the same desktop.
The desktops associated with the interactive window station, Winsta0, can be made to display a user interface and receive user input, but only one of these desktops is active at a time. This active desktop, also known as the input desktop, is the one currently visible to the user and the one that receives user input. Applications can use the OpenInputDesktop() function to get a handle to the input desktop. Applications that have the required access can use the SwitchDesktop() function to make a different desktop the input desktop. By default, there are three desktops in the interactive window station: the Winlogon desktop, the default desktop, and the screen-saver desktop.
The screen-saver and Winlogon desktops are secured desktops. The default desktop is created when the logged-on user starts a process; at that point the default desktop becomes active and is used to interact with the user. Whenever the screen saver activates, the system automatically switches to the screen-saver desktop, which protects the processes on the default desktop from unauthorized users. Unsecured screen savers run on Winsta0\default. The Winlogon desktop is active while a user logs on; the system switches to the default desktop when the shell indicates that it is ready to display something. During the user's session, the system switches to the Winlogon desktop when the user presses the CTRL+ALT+DEL key sequence or when the User Account Control (UAC) dialog box is open (the UAC dialog box does not exist on Windows Server 2003 and Windows XP/2000). Applications cannot access the Winlogon desktop, and they cannot switch to a different desktop while the Winlogon desktop is active.
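The following PowerShell script is an added example, not part of the original page, that exercises the objects described in the two passages above from a defender's point of view: it enumerates the window stations visible to the current session, the desktops inside the process's own window station, reports which desktop the current thread is attached to, and then calls OpenInputDesktop() to find out which desktop currently has input. The P/Invoke wrapper class `DesktopApi` and the functions `Get-UserObjectName` and `Get-DesktopReport` are names chosen for this example; the Win32 functions, the `UOI_NAME` index (2) and the `DESKTOP_READOBJECTS` access right (0x0001) are real. The failure branch matters: when the Winlogon desktop is active, OpenInputDesktop() fails for an ordinary application, exactly as the text says, and a monitoring tool should treat that as "secure desktop active" rather than as a generic error.

```powershell
# Added example (not from the original page): inspect window stations and desktops
# of the current session and determine which desktop currently owns user input.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
using System.Text;
public static class DesktopApi {
    public delegate bool EnumWindowStationProc(string name, IntPtr lParam);
    public delegate bool EnumDesktopProc(string name, IntPtr lParam);
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool EnumWindowStations(EnumWindowStationProc proc, IntPtr lParam);
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool EnumDesktops(IntPtr hWinsta, EnumDesktopProc proc, IntPtr lParam);
    [DllImport("user32.dll", SetLastError = true)]
    public static extern IntPtr GetProcessWindowStation();
    [DllImport("user32.dll", SetLastError = true)]
    public static extern IntPtr GetThreadDesktop(uint threadId);
    [DllImport("kernel32.dll")]
    public static extern uint GetCurrentThreadId();
    [DllImport("user32.dll", SetLastError = true)]
    public static extern IntPtr OpenInputDesktop(uint flags, bool inherit, uint desiredAccess);
    [DllImport("user32.dll", SetLastError = true)]
    public static extern bool CloseDesktop(IntPtr hDesktop);
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool GetUserObjectInformation(IntPtr hObj, int index, StringBuilder info, int length, out int needed);
}
"@

$UOI_NAME            = 2        # GetUserObjectInformation index for the object's name
$DESKTOP_READOBJECTS = 0x0001   # minimal desktop access right; enough to read the name

# Hypothetical helper: returns the name of a window station or desktop handle, or $null.
function Get-UserObjectName([IntPtr]$Handle) {
    $sb = New-Object System.Text.StringBuilder 256
    $needed = 0
    # Length is in bytes; the buffer holds 256 UTF-16 characters.
    if ([DesktopApi]::GetUserObjectInformation($Handle, $UOI_NAME, $sb, $sb.Capacity * 2, [ref]$needed)) {
        return $sb.ToString()
    }
    return $null
}

# Hypothetical helper: builds a report object describing the session's UI objects.
function Get-DesktopReport {
    # Window stations visible to this session (the interactive one is Winsta0).
    $winstas = [System.Collections.Generic.List[string]]::new()
    $wsCallback = [DesktopApi+EnumWindowStationProc]({ param($name, $lParam); $winstas.Add($name); $true }.GetNewClosure())
    $null = [DesktopApi]::EnumWindowStations($wsCallback, [IntPtr]::Zero)

    # Desktops inside the window station this process is associated with.
    $hWinsta  = [DesktopApi]::GetProcessWindowStation()
    $desktops = [System.Collections.Generic.List[string]]::new()
    $dCallback = [DesktopApi+EnumDesktopProc]({ param($name, $lParam); $desktops.Add($name); $true }.GetNewClosure())
    $null = [DesktopApi]::EnumDesktops($hWinsta, $dCallback, [IntPtr]::Zero)

    # The desktop the calling thread is assigned to (handle need not be closed).
    $threadDesktop = Get-UserObjectName ([DesktopApi]::GetThreadDesktop([DesktopApi]::GetCurrentThreadId()))

    # The input desktop: fails (access denied) while the Winlogon desktop is active,
    # and also fails when this process is not on the interactive window station.
    $inputDesktop = $null
    $inputState   = 'unknown'
    $hInput = [DesktopApi]::OpenInputDesktop(0, $false, $DESKTOP_READOBJECTS)
    if ($hInput -eq [IntPtr]::Zero) {
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        $inputState = "OpenInputDesktop failed (Win32 error $err): secure desktop likely active or no interactive window station"
    } else {
        $inputDesktop = Get-UserObjectName $hInput
        $null = [DesktopApi]::CloseDesktop($hInput)
        $inputState = switch ($inputDesktop) {
            'Winlogon'     { 'secure desktop: logon, CTRL+ALT+DEL or UAC prompt' }
            'Screen-saver' { 'secure desktop: screen saver active' }
            'Default'      { 'default desktop: normal user interaction' }
            default        { 'other desktop (application-created)' }
        }
    }

    [pscustomobject]@{
        WindowStation = Get-UserObjectName $hWinsta
        WindowStations = $winstas.ToArray()
        Desktops       = $desktops.ToArray()
        ThreadDesktop  = $threadDesktop
        InputDesktop   = $inputDesktop
        InputState     = $inputState
    }
}

Get-DesktopReport | Format-List
```

Run it from an interactive session to see Winsta0 with its Default, Winlogon and Screen-saver desktops and `ThreadDesktop`/`InputDesktop` both reporting `Default`; run the same script from a non-interactive service window station and the window station name changes while OpenInputDesktop() fails, which is the behaviour a service should expect before trying to show any UI.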