Window Station and Desktop Creation
The system automatically creates the interactive window station. When an interactive user logs on, the system associates the interactive window station with the user logon session. The system also creates the default input desktop for the interactive window station (Winsta0\default). Processes started by the logged-on user are associated with the Winsta0\default desktop.
A process can use the CreateWindowStation() function to create a new window station, and the CreateDesktop() or CreateDesktopEx() function to create a new desktop. The number of desktops that can be created is limited by the size of the system desktop heap.
When a noninteractive process such as a service application attempts to connect to a window station and no window station exists for the process logon session, the system attempts to create a window station and desktop for the session. The name of the created window station is based on the logon session identifier, and the desktop is named default, as described here:
The discretionary access control list (DACL) for the window station and desktop includes the following access rights for the service's user account:
Window Station:
Desktop:
Process Connection to a Window Station
A process automatically establishes a connection to a window station and desktop when it first calls a USER32 or GDI32 function (other than the window station and desktop functions). The system determines the window station to which a process connects according to the following rules:
The window station assigned during this connection process cannot be closed by calling the CloseWindowStation() function.
When a process is connecting to a window station, the system searches the process's handle table for inherited handles. The system uses the first window station handle it finds. If you want a child process to connect to a particular inherited window station, you must ensure that only the desired handle is marked inheritable. If a child process inherits multiple window station handles, the results of the window station connection are undefined. Handles to a window station that the system opens while connecting a process to a window station are not inheritable.
Thread Connection to a Desktop
After a process connects to a window station, the system assigns a desktop to the thread making the connection. The system determines the desktop to assign to the thread according to the following rules:
The desktop assigned during this connection process cannot be closed by calling the CloseDesktop() function.
When a process is connecting to a desktop, the system searches the process's handle table for inherited handles. The system uses the first desktop handle it finds. If you want a child process to connect to a particular inherited desktop, you must ensure that only the desired handle is marked inheritable. If a child process inherits multiple desktop handles, the results of the desktop connection are undefined. Handles to a desktop that the system opens while connecting a process to a desktop are not inheritable.
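
The inheritance rules in the two sections above can be checked from a running process. The following PowerShell script is an added example, not part of the original page: it reports the window station and desktop the current process is connected to and reads each handle's inherit flag through GetUserObjectInformation(). The names Demo, UserObj, GetName, GetFlags and Get-UserObjectInfo are hypothetical wrappers chosen for this example.

```powershell
# Added example (not from the original page): show which window station and
# desktop this process is connected to and whether those handles are inheritable.
# Demo.UserObj, GetName and GetFlags are hypothetical wrapper names.
Add-Type -Namespace Demo -Name UserObj -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)]
public struct USEROBJECTFLAGS { public int fInherit; public int fReserved; public uint dwFlags; }

[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr GetProcessWindowStation();
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr GetThreadDesktop(uint dwThreadId);
[DllImport("kernel32.dll")]
public static extern uint GetCurrentThreadId();
[DllImport("user32.dll", SetLastError = true, EntryPoint = "GetUserObjectInformationW")]
public static extern bool GetName(IntPtr hObj, int nIndex, byte[] pvInfo, uint nLength, out uint needed);
[DllImport("user32.dll", SetLastError = true, EntryPoint = "GetUserObjectInformationW")]
public static extern bool GetFlags(IntPtr hObj, int nIndex, out USEROBJECTFLAGS pvInfo, uint nLength, out uint needed);
'@

$UOI_FLAGS = 1   # returns a USEROBJECTFLAGS structure for the handle
$UOI_NAME  = 2   # returns the object name as a UTF-16 string

function Get-UserObjectInfo {
    param([IntPtr]$Handle, [string]$Kind)
    if ($Handle -eq [IntPtr]::Zero) { throw "No $Kind handle is assigned to this process or thread." }

    $buf = New-Object byte[] 512          # room for a 255-character name
    $needed = [uint32]0
    if (-not [Demo.UserObj]::GetName($Handle, $UOI_NAME, $buf, $buf.Length, [ref]$needed)) {
        throw "GetUserObjectInformation(UOI_NAME) failed for the $Kind handle."
    }

    $flags = New-Object 'Demo.UserObj+USEROBJECTFLAGS'
    $size  = [Runtime.InteropServices.Marshal]::SizeOf($flags)
    if (-not [Demo.UserObj]::GetFlags($Handle, $UOI_FLAGS, [ref]$flags, $size, [ref]$needed)) {
        throw "GetUserObjectInformation(UOI_FLAGS) failed for the $Kind handle."
    }

    [pscustomobject]@{
        Kind        = $Kind
        Name        = [Text.Encoding]::Unicode.GetString($buf).TrimEnd([char]0)
        Inheritable = [bool]$flags.fInherit   # TRUE means child processes inherit this handle
    }
}

$tid = [Demo.UserObj]::GetCurrentThreadId()
Get-UserObjectInfo ([Demo.UserObj]::GetProcessWindowStation()) 'WindowStation'
Get-UserObjectInfo ([Demo.UserObj]::GetThreadDesktop($tid)) 'Desktop'
```

The Inheritable column can be compared with the statement that handles the system opens during connection are not inheritable. A parent that deliberately passes a window station or desktop to a child can run the same check on its own handles before creating the child process.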