This article was previously published under Q171890
A Microsoft Windows NT, Windows 2000, and Windows XP service has a Window station and Desktop combination associated with it. This is based on which account the service is running in:
If the service is running in the LocalSystem account and is not interactive (that is, the service type does not include the SERVICE_INTERACTIVE_PROCESS flag), the service will use the following Window station and Desktop:
Service-0x0-3e7$\default
where "Service-0x0-3e7$" is the name of the Window station and "default" is the name of the desktop.
This is a noninteractive Window station.
If the service is running in the LocalSystem account and is interacting with the desktop (that is, the service type includes the SERVICE_INTERACTIVE_PROCESS flag), the service will use the following Window station and Desktop:
Winsta0\default
This is an interactive Window station.
If the service is running in the security context of a user account, the system will create a unique noninteractive Window station and Desktop for that service. The name of the Window station will be based on the Logon Security Identifier (SID) of the user:
Service-0xZ1-Z2$\default
where Z1 is the high part and Z2 is the low part of the Logon SID.
Additionally, two services that are running in the same security context (same service account name) will not receive the same Window station and Desktop, because Logon Security Identifiers (SIDs) are unique to each logon session.
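The following parser is an added example, not part of the original article: it splits a "WindowStation\Desktop" name, recovers Z1 and Z2 from a Service-0xZ1-Z2$ station so the name can be matched to a logon session, and flags Winsta0 as the interactive station. The type and function names are hypothetical, and the case-insensitive comparison of the station name is an assumption of the example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {             /* hypothetical result type for this example */
    int interactive;         /* 1 only when the window station is Winsta0 */
    int is_service;          /* 1 when the station is Service-0xZ1-Z2$ */
    uint32_t high, low;      /* Z1 and Z2 of the Logon SID */
    char desktop[64];
} winsta_info;

/* Assumption of this example: station names compare case-insensitively. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;         /* both strings ended together */
}

/* Parse "WindowStation\Desktop"; returns 0 on success, -1 if malformed. */
int parse_winsta(const char *name, winsta_info *out)
{
    char station[64], h[9], l[9];
    const char *sep = strchr(name, '\\');
    size_t n = sep ? (size_t)(sep - name) : 0;
    int used = 0;

    memset(out, 0, sizeof *out);
    if (n == 0 || n >= sizeof station || sep[1] == '\0' ||
        strlen(sep + 1) >= sizeof out->desktop)
        return -1;
    memcpy(station, name, n);
    station[n] = '\0';
    strcpy(out->desktop, sep + 1);
    out->interactive = eq_nocase(station, "Winsta0");
    /* Scansets take 1 to 8 hex digits only: no sign, no whitespace. */
    if (sscanf(station, "Service-0x%8[0-9a-fA-F]-%8[0-9a-fA-F]$%n",
               h, l, &used) == 2 && (size_t)used == n) {
        out->is_service = 1;
        out->high = (uint32_t)strtoul(h, NULL, 16);
        out->low = (uint32_t)strtoul(l, NULL, 16);
    }
    return 0;
}
```

Two services running under the same account yield different high/low pairs, so the parsed values identify the logon session rather than the account.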
A Window station can be either interactive or noninteractive. (Only "Winsta0" can be an interactive Window station.) Any Desktop that is created on the interactive Window station can become active. User objects (such as windows and dialog boxes) created on the active Desktop are visible to the interactively logged-on user (that is, the user who logs on to the system by pressing CTRL-ALT-DELETE) and can receive user input.
When the interactively logged-on user launches any processes, these processes are associated with the "default" Desktop in the "Winsta0" Window station. The "default" Desktop is considered the active Desktop. A process on the active Desktop could switch Desktops so that another Desktop, such as the "Winlogon" Desktop, becomes the active Desktop. Only one Desktop can be the active Desktop at any one time. The SwitchDesktop API can be used to activate a desktop. For more information, see the Platform SDK online documentation.
Desktops associated with a noninteractive Window station can create user objects. These objects will never be visible to the interactively logged-on user and will never receive any user input. If you have a noninteractive service running in the LocalSystem account, any user objects created by the service will not be visible to the interactively logged-on user. Additionally, any processes that are launched by the service will also not be visible.
Following is other important information concerning Window stations and desktops:
Window messages can only be sent between processes on the same Desktop. They cannot be sent across processes associated with different Desktops.
Application-defined hooks are limited in the same way that Windows messages are. The hook procedure of a process running in a particular desktop will only get messages targeted for windows created in the same desktop.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
327618 INFO: Security, Services and the Interactive Desktop