A new desktop inherits its SD from its parent windowstation. A desktop is not opened when it is created; it must be opened with OpenDesktop.
Generic mapping:
| Value | Maps to |
| GENERIC_READ | DESKTOP_ENUMWINDOWS~| DESKTOP_ENUMERATE~| STANDARD_RIGHTS_READ |
| GENERIC_WRITE | DESKTOP_CREATEWINDOW~| DESKTOP_CREATEMENU~| DESKTOP_HOOKCONTROL~| DESKTOP_JOURNALRECORD~| JOURNALPLAYBACK~ | STANDARD_RIGHTS_WRITE |
| GENERIC_EXECUTE | STANDARD_RIGHTS_EXECUTE |
| GENERIC_ALL | DESKTOP_ENUMWINDOWS~| DESKTOP_ENUMERATE~| DESKTOP_CREATEWINDOW~| DESKTOP_CREATEMENU~| DESKTOP_HOOKCONTROL~ | DESKTOP_JOURNALRECORD~| JOURNALPLAYBACK~| STANDARD_RIGHTS_REQUIRED |
The following discretionary ACEs are created:
ACE 0:
ACE Type = AccessAllowed
sid = LogonSid
AccessMask =
DESKTOP_CREATEWINDOW~| DESKTOP_CREATEMENU~|
DESKTOP_ENUMWINDOWS~| DESKTOP_ENUMERATE~|
DESKTOP_HOOKCONTROL~ | DESKTOP_JOURNALRECORD~|
JOURNALPLAYBACK~| STANDARD_RIGHTS_REQUIRED
Not Inheritable
ACE 1:
ACE Type = AccessAllowed
sid = LogonSid
AccessMask =
GenericRead~| GenericWrite~|
GenericExecute~| GenericAll
Inheritable Only
Inheritable by containers
Inheritable by non containers
Inheritance is to be propagated