Welcome to MSDN Blogs Sign in | Join | Help

News

  • Chris Jackson is an Architect and the Technical Lead for the Windows Application Experience SWAT Team.

    This is provided "AS IS" with no warranties, and confers no rights. Use of materials found on this page is subject to the terms specified in the Terms of Use

A Desktop of Your Own

I have run into a few scenarios where people want to be able to block access to Windows Explorer so that they can do something such as update the system in a machine that is otherwise publicly facing. One possibility is to create a desktop all your own.

The underlying architecture of Windows allows for something that may provide for this. Every instance of the operating system contains a collection of Sessions. Services run in Session 0, and interactive users run in Sessions 1, 2, 3, etc. (This is on Windows Vista - on Windows XP and earlier, the first interactive login shared Session 0 with services.) Each session contains a collection of Window Stations. Only one of these, WinSta0, is given access to display output, keyboard, and mouse. (Consequently, I haven't come up with any use in anything I have developed for the ability to create more.) Each Window Station contains a collection of Desktops.

You can already see multiple desktops just by using Windows. When you get to the login screen, that is a desktop. When your screen saver activates (assuming you are using a secure secreen saver), that has its own desktop. When you are prompted with a UAC dialog in Windows Vista, by default that has its own desktop. And you can create more. You can use the CreateDesktop API to create a new one, and then the SetThreadDesktop and SwitchDesktop APIs to switch to it. Here is a very simple example:

 

#include <windows.h>

int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) {
  HDESK hdeskOriginalThread = GetThreadDesktop(GetCurrentThreadId());
  HDESK hdeskOriginalInput = OpenInputDesktop(0, FALSE, DESKTOP_SWITCHDESKTOP);
  HDESK hdeskNewDesktop = CreateDesktop(TEXT("PrivateDesktop"), NULL, NULL, 0, GENERIC_ALL, NULL);
  SetThreadDesktop(hdeskNewDesktop);
  SwitchDesktop(hdeskNewDesktop);
  MessageBox(NULL, TEXT("MessageBox on private desktop"), TEXT("Private Desktop"), MB_OK);
  SwitchDesktop(hdeskOriginalInput);
  SetThreadDesktop(hdeskOriginalThread);
  CloseDesktop(hdeskNewDesktop);
  return 0;
}

 

This may immediately give you some ideas about kiosk applications. However, the desktop window manager (DWM) only runs on the primary desktop, so you won't be able to use Glass on any additional desktops you create. (Incidentally, that's also why UAC prompts are not rendered using glass.) So, if that's a consideration, then you may want to think of other approaches. But for some edge case scenarios, it's nice to know that you have this option available.

Posted: Thursday, November 09, 2006 5:49 AM by Chris Jackson
Filed under:

Comments

Mary said:

Hi, Chris

I run into a strange issue about desktop on Vista.

If I create a 2nd desktop using CreateDesktop (with NULL for security attributes), and launch an IE using CreateProcess() on the 2nd desktop from default desktop, it will be created with medium integrity level and a pop up on the 2nd desktop mentioning that Admin rights is required w/o real IE displayed.

However, launch an IE using CreateProcess() on default desktop directly is OK(and in low integriy level).

Then I tried launching an IE using CreateProcess() on default desktop from 2nd desktop, it works fine with an IE with low integrity level on default desktop.

So, how can I enable same beheavior on 2nd desktop as the default one - IE can be launched in low integrity level w/o any issue?

BTW, I am testing under admin user account. What are the changes about desktop, explorer on Vista?

Thanks in advance!

Mary

# December 11, 2006 10:30 PM

Big_Dick said:

Hi, Chris

I run into a strange issue about desktop on Vista.

I created an app running in 1st desktop, that launches an app in the 2nd desktop. The app in the second desktop launches 3 more apps (notepad, paint & calculater). When I switch to the second desktop, the Aero feature of Vista is missing in the second Desktop. I wanted to know why is it so, is it a limitation on part of Vista or is it by design or am I missing something...

Thanks in advance!

Manoj

# January 24, 2007 8:55 PM

Chris Jackson said:

Hi Manoj,

Yes, that is by design. As I mentioned, "the desktop window manager (DWM) only runs on the primary desktop, so you won't be able to use Glass on any additional desktops you create." So, any desktop other than the default desktop does not get glass.

# January 24, 2007 11:16 PM

Big_Dick said:

Hi, Chris

Thanks for your response, but I still have some problem.

My manager here, does not seem contented with the reply. Can you help me point so some articles/resources by Microsoft, which says that

"the desktop window manager (DWM) only runs on the primary desktop, so you won't be able to use Glass on any additional desktops you create."

As of me, I am satisfied with your reply, but what to do with my manager???

Please help me...

Thanks in advance!

Manoj

# January 25, 2007 2:12 AM

Chris Jackson said:

Well, when I first discovered that limitation, I just shot an email to the team. One of the developers on the team is the person who verified this for me. I don't know if this is documented in the SDK or not, since creating additional desktops is relatively rare.

# January 25, 2007 9:58 AM

Mike Taulty's Blog said:

For some reason, the idea of multiple desktops was bubbling around in my head this morning and I suddenly...

# February 16, 2007 5:35 AM

RichardRudek said:

You wouldn't happen to know whether it's possible to create a desktop which is displayed on a separate monitor, would you ?

The problem I'm trying to workaround is that some display cards (eg nVidia Quadro an other dual head cards) do not support the independent display feature, which you would normally do by using CreateDC("\\DISPLAY.."). These display cards return an 1801 error (Printer name is invalid). So I'm trying to find other ways using windows to emulate the Independent Display behaviour. Hopefully I won't need  try resorting to directly calling the display/video drivers, like Windows does. In other words, the secondary display cannot be part of the normal Windows desktop, accessible by anything else but my program(s).

# February 22, 2007 10:29 PM

Chris Jackson said:

Richard, that is not something I have experimented with, so unfortunately I don't have a lot of information to help you here. I don't see any way to specify the device; there is an lpszDevice argument, but it is reserved and must be NULL.

If you want to secure access to your desktop, you can provide a security descriptor in an argument to CreateDesktop(Ex), but it's going to be difficult to keep processes from calling EnumDesktops and then calling OpenDesktop if other processes are running with the same credentials as yours are (unless you get creative).

# February 26, 2007 3:51 AM

Alex Khristov said:

Hey Chris,

Do you know if there are any plans on making DWM support multiple desktops in future releases of Windows?  Thanks.  :-)

Alex.

# May 2, 2007 4:34 AM

Chris Jackson said:

I am not aware of any plans, but we are still fairly early on in the planning process. If you have a scenario or scenarios (the more details, the better - including the name of your org helps as well) feel free to send them to me via the email me link, and I will make sure that feedback gets into consideration for future releases.

# May 2, 2007 9:39 AM

Projections said:

I've been exploring using multiple desktops in Windows and found some great resources online: Chris Jackson

# January 18, 2008 4:53 PM

Noticias externas said:

I&#39;ve been exploring using multiple desktops in Windows and found some great resources online: Chris

# January 18, 2008 5:09 PM

nbaskar1983 said:

i created new desktop using CreateDesktop API,then i move to that desktop using SwitchDesktop API.

here i couldnt able to access Flip 3D  (Windows key+Tab) .what is the solution Chris.

# March 10, 2008 5:51 AM

Chris Jackson said:

Hi nbaskar1983,

Above, I reference the lack of DWM in additional desktops: "However, the desktop window manager (DWM) only runs on the primary desktop, so you won't be able to use Glass on any additional desktops you create."

Unfortunately, Flip 3D is implemented by the DWM, so that's gone also.

Thanks,

Chris

# March 10, 2008 4:26 PM

nbaskar1983 said:

Thanks for replay chris

Any other solution for this.

# March 10, 2008 9:53 PM

Chris Jackson said:

nbaskar1983-

Erm ... don't switch to a separate desktop? Architecturally, the only desktop where the DWM operates (today - not sure if/when this will change) is the default desktop.

Thanks,

Chris

# March 10, 2008 10:00 PM

Chris Jackson's Semantic Consonance said:

As I am focusing more and more on Windows 7, I find that blogging now begins with web searching, to make

# January 7, 2009 2:51 PM
New Comments to this post are disabled
Page view tracker