I have downloaded a Windows Station/Desktop DACL editor.
The program shows the DACLs (winstadacl.exe). There are twor users as "Unknown" and RESTRICTED.
Unknown should be a deleted users or kind of user that was created during windows startup and windows statation creation and then deleted. I guess so because I couldn´t find any reference to its SID in the registry. I also don´t know exactly who RESTRICTED is. Could you help me to uderstand more about who is included as RESTRICTED? Do you know about users that XP creates and delete for any reason?
I am programming a software that will run as a Service, that needs ti interact with desktop, and I would like to understand what is happening bihind the curtain in order to not leaving security holes.
Thank you in advance.