[WINLOGON]

- Create the window station handle and the desktops with MAXIMUM_ALLOWED access rights.
- Call AddAceToWindowStation before calling SetWindowStationUser.

svn path=/trunk/; revision=66863

reactos/base/system/winlogon/sas.c

@@ -1007,6 +1007,11 @@ DoGenericAction(
 
 DWORD WINAPI SetWindowStationUser(HWINSTA hWinSta, LUID* pluid, PSID psid, DWORD sidSize);
 
+BOOL
+AddAceToWindowStation(
+    IN HWINSTA WinSta,
+    IN PSID Sid);
+
 static
 BOOL AllowWinstaAccess(PWLSESSION Session)
 {
@@ -1069,6 +1074,8 @@ BOOL AllowWinstaAccess(PWLSESSION Session)
         goto Cleanup;
     }
 
+    AddAceToWindowStation(Session->InteractiveWindowStation, psid);
+
     ret = SetWindowStationUser(Session->InteractiveWindowStation,
                                &Stats.AuthenticationId,
                                psid,

reactos/base/system/winlogon/wlx.c

@@ -1235,7 +1235,7 @@ CreateWindowStationAndDesktops(
     Session->InteractiveWindowStation = CreateWindowStationW(
         Session->InteractiveWindowStationName,
         0,
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &DefaultSecurity);
     if (!Session->InteractiveWindowStation)
     {
@@ -1256,7 +1256,7 @@ CreateWindowStationAndDesktops(
         NULL,
         NULL,
         0, /* FIXME: Add DF_ALLOWOTHERACCOUNTHOOK flag? */
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &UserDesktopSecurity);
     if (!Session->ApplicationDesktop)
     {
@@ -1272,7 +1272,7 @@ CreateWindowStationAndDesktops(
         NULL,
         NULL,
         0,
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &DefaultSecurity);
     if (!Session->WinlogonDesktop)
     {
@@ -1288,7 +1288,7 @@ CreateWindowStationAndDesktops(
         NULL,
         NULL,
         0,
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &DefaultSecurity);
     if(!Session->ScreenSaverDesktop)
     {