Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Windows Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
System Services
 SetThreadDesktop Function
SetThreadDesktop Function

Assigns the specified desktop to the calling thread. All subsequent operations on the desktop use the access rights granted to the desktop.

Syntax

C++ 
BOOL WINAPI SetThreadDesktop(
  __in  HDESK hDesktop
);

Parameters

hDesktop [in]

A handle to the desktop to be assigned to the calling thread. This handle is returned by the CreateDesktop, GetThreadDesktop, OpenDesktop, or OpenInputDesktop function.

This desktop must be associated with the current window station for the process.

Return Value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The SetThreadDesktop function will fail if the calling thread has any windows or hooks on its current desktop (unless the hDesktop parameter is a handle to the current desktop).

Warning  There is a significant security risk for any service that opens a window on the interactive desktop. By opening a desktop window, a service makes itself vulnerable to attack from the logged-on user, whose application could send malicious messages to the service's desktop window and affect its ability to function.

Requirements

Minimum supported clientWindows 2000 Professional
Minimum supported serverWindows 2000 Server
HeaderWinuser.h (include Windows.h)
LibraryUser32.lib
DLLUser32.dll

See Also

CreateDesktop
Desktops
GetThreadDesktop
OpenDesktop
SetProcessWindowStation
Window Station and Desktop Functions

Send comments about this topic to Microsoft

Build date: 11/19/2009

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
"access rights granted to the desktop" ?      71104   |   Edit   |   Show History

The first paragraph on this page says "All subsequent operations on the desktop use the access rights granted to the desktop."

This isn't very clear to me: I guess it means that any windows or hooks subsequently created by the thread are set on that desktop, but I don't understand what the "access rights granted to the desktop" are. Every desktop has a security descriptor contaning (among other things) a DACL, but it is not a security subject, it does not have a SID and does not have access rights: other ACLs in the system cannot refer to a desktop.

I would have understood that statement if it was on the CreateDesktop function's documentation: every subsequent operation on the newly created desktop uses the access rights granted to the desktop (as an object, not a subject) through the specified security descriptor.

© 2009 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement
Page view tracker