We help IT Professionals succeed at work.

How do I get access rights to the desktop (interactive windows station)?

Minolin asked
Medium Priority
Last Modified: 2013-12-03
Hello, I'm writing a remote-control application for a Windows GUI application. The application works nice when I start it from a cmd-prompt on my host. However, I would like to start if from a remote-login session to my host. I currently using CYGWIN sshd to login to the host. However, if I run my program in the ssh-session it is not associated with the "interactive windows station" (winsta0). I found the calls OpenWindowStation() and SetProcessWindowStation() which I was planning to use to attach my program to the winsta0.

Now, my problem is that OpenWindowStation() fails (GetLastError returns Access Denied). I try to call OpenWindowStation() with the following parameters (which I think represent the access rights I need to read and manipulate GUI objects):

  hwinsta = OpenWindowStation("winsta0", FALSE,
                              WINSTA_ACCESSCLIPBOARD   |
                              WINSTA_ACCESSGLOBALATOMS |
                              WINSTA_ENUMERATE         |
                              WINSTA_READATTRIBUTES    |
                              WINSTA_READSCREEN        |

Does any one know a solution to this problem? Can I prepare winsta0 to allow access?  Should I use some other method to gain access to the GUI objects?

I'm currently logged in as myself (administrators rights) at the desktop and also log in as myself via ssh. In the future I'd like to be able to logged in as someone else (no administrators rights) in the desktop and login as myself (administrators rights) on ssh and still get access to the winsta0. (That is, as an administator I would like to be able to remotely access any desktop owned by any user.)

I think I'm stuck here. Any help is appreciated. (BTW I'm not a Windows programmer by birth so I may have missed some really obvious things.)
Watch Question

might want to ask a pointer question in the programming TA for this one... the best guys for this question probly dont visit XP on their own.


Thaks for the tip!
Top Expert 2012
It is most likely that the security settings for the Window Station don't allow you opening it. See the sample code at http://support.microsoft.com/default.aspx?scid=kb;en-us;165194 ("CreateProcessAsUser() windowstations and desktops") which tackles the same issue by setting the ACE entries properly.


Seems like a great approach. However, I've been experimenting with that code for quite some hours now but with no real success.

I can run the functions AddTheAceWindowStation(hwinsta, psid) and AddTheAceDesktop(hdesk, psid) to install new access rights for myself to the winstation and the desktop (psid is created with my access rights). However I still cannot open (or access) the WinSta0 with WINSTA_WRITEATTRIBUTES. I can enumerate and access desktop objects but I cannot call SetCursorPos (GetLastError returns Access Denied).

I run the following code (with functions from the example pointed to above) to grant myself access to the winstation and desktop:

  HANDLE              hToken;
  HDESK               hdesk;
  HWINSTA             hwinsta;
  PSID                psid;

  hwinsta = OpenWindowStation("winsta0",
                              READ_CONTROL | WRITE_DAC);
  hdesk = OpenDesktop("default",
                      READ_CONTROL | WRITE_DAC |
  ObtainSid(hToken, &psid);
  AddTheAceWindowStation(hwinsta, psid);
  AddTheAceDesktop(hdesk, psid);

If I then attach my process & thread to the winstation and desktop with


I can read-access the desktop and its objects just fine (at least I can enumerate windows and read their screen position). However I cannot call SetCursorPos() neither can I open a new HWINSTA which have any of the access rights WINSTA_READSCREEN or WINSTA_WRITEATTRIBUTES.

In fact, calling the AddTheAce*() functions does not seem to change my access rights at all. If I remove the calls the code works just the same.

(BTW. in my real running code I check all the return codes and all calls complete successfully.)

Seems quite strange that I can successfully give myself rights but I cannot use these rights.

Any ideas?

Top Expert 2012

>>In fact, calling the AddTheAce*() functions does not seem to change my access rights at all

Well, you'll then need to debug the call and see where it fails...


Hmm... it does not seem to fail. All return codes are properly checkd for and each functions called return sucessfully. Thus I can only conclude that I've been able to sucessfully install the access rights.

Do I need to install access right for, or attach my process/thread to, any other object? For instance I did not know I had to call the SetThreadDesktop() before reading the article, maybe I've missed some other objcet?