Windows 2012 Interact With Desktop

Interactive Services

Interactive services are services which may interact with the desktop, typically using a tray icon to configure and control the service.  Services run in session and in versions of Windows prior to Vista, the console desktop was also run in session 0.  Checking the interact with desktop option in Service Control Manager, would then allow communication between the console desktop and the service process.  Enabling interact with desktop creates a security exploit, where a malicious application running on an Administrators session, may control the service by passing Windows messages to the tray applications window handle.

Microsoft moved the console desktop to session 1, on Windows Vista and later versions of the Desktop and Server OS. This created various issues for legacy service applications which used tray icons and the interact with desktop setting.  Control applications launched form the system tray may cause warning messages and fail to control or reflect the current state of the service.  

With Windows Server 2012, the default behaviour has changed to disable the interact with desktop feature. Implicated services will produce a system error log event (EVENTID 7030), when the tray icon process starts up.  The interact with desktop setting remains present but is effectively disabled.

Legacy Workaround

In legacy situations, where a critical process requires desktop interaction and fails to function correctly without it, the default setting may be changed by editing the registry key

HKLM\System\CurrentControlSet\Windows\NoInteractiveServices

Even after changing the default, the tray icon will only function on the console desktop.  The tray icon may not be visible for Remote Desktop Users and it is advised, not to change the default or enable tray icon service control applications on Terminal Servers.