- If the service is running in the LocalSystem account and is not interactive (that is, the service type does not include the SERVICE_INTERACTIVE_PROCESS flag), the service will use the following Window station and Desktop:Service-0x0-3e7$\default
where "Service-0x0-3e7$" is the name of the Window station and "default" is the name of the desktop.
This is a noninteractive Window station.
- If the service is running in the LocalSystem account and is interacting with the desktop (that is, the service type includes the SERVICE_INTERACTIVE_PROCESS flag), the service will use the following Window station and Desktop:Winsta0\defaultThis is an interactive Window station.
- If the service is running in the security context of a user account, the system will create a unique noninteractive Window station and Desktop for that service. The name of the Window station will be based on the Logon Security Identifier (SID) of the user:
Service-0xZ1-Z2$\default where Z1 is the high part and Z2 is the low part of the Logon SID.
When the interactively logged-on user launches any processes, these processes are associated with the "default" Desktop in the "Winsta0" Window station. The "default" Desktop is considered the active Desktop. A process on the active Desktop could switch Desktops such that another Desktop becomes the active Desktop such as the "Winlogon" Desktop. Only one Desktop can be the active Desktop at any one time. The SwitchDesktop API can be used to activate a desktop. For more information, see the Platform SDK online documentation.
Desktops associated with a noninteractive Window station can create user objects. These objects will never be visible to the interactively logged-on user and will never receive any user input. If you have a noninteractive Service running in the LocalSystem account, any user objects created by the service will not be visible to the interactively logged-on user. Additionally, any processes that are launched by the service will also not be visible.
Following is other important information concerning Window stations and desktops:
- Window messages can only be sent between processes on the same Desktop. They cannot be sent across processes associated with different Desktops.
- Application-defined hooks are limited in the same way that Windows messages are. The hook procedure of a process running in a particular desktop will only get messages targeted for windows created in the same desktop.