Windows 10 virtual desktops are a window management feature, not a security feature


I was baffled by the question " How do program settings work in virtual desktops?" because it never occurred to me that people would consider virtual desktops to be some sort of secure program separation.

It's not doing anything of the sort. (After all, it says so right in the name: virtual desktops.)

Virtual desktops are purely a window management feature. They help you organize your windows. Asking whether windows on different virtual desktops have isolated settings is like asking whether windows on the left hand side of the screen have isolated settings from those on the right hand side of the screen.

If the virtual desktop feature had been built out of actual window manager desktop objects, you would be pretty unhappy. Windows in separate window manager desktops cannot interact with each other, so you couldn't drag from one window to another, or copy/paste between them. A window cannot move between window manager desktops, so you would be stuck with whatever desktop the window originally appeared in. And features like "Show on all desktops" would make no sense at all.

Instead, when you put a window on a virtual desktop, all you're doing is giving the system instructions on when you want to see the window and when you don't. The system shows the window when that virtual desktop is active and hides it when the virtual desktop is not active. If you say "Show on all virtual desktops", then the window is always shown. Moving a window between virtual desktops is just changing the rules for when the system hides and shows the window.

Dirty secret: I always forget that virtual desktops exist. I just keep everything on one virtual desktop.

Comments (42)
  1. Entegy says:

    I have two desktops. I mainly use Desktop 1, but Desktop 2 is for Fairly Common Task that involves a lot Remote Desktop windows. I find putting them there helps me focus on Fairly Common Task when I need to.

  2. Koro says:

    I would assume those are not implemented by toggling the WS_VISIBLE bit for compatibility (as many third-party tools since XP have tried to do, mostly unsuccessfully), but by having undocumented “tricks” in the DWM where it just does not present or hit-test a certain window not on the current “desktop”, am I right?

      1. Joshua says:

        So I opened the document because I was curious. I found the type of the extra argument for the enum value DWMA_CLOAK is neither documented nor hinted at. Most of the others are not documented but are hinted at by TRUE and FALSE (oh gee must be BOOL) but not this one. :(

        1. littlealex says:

          The documentation of DWMWA_CLOAK links to “How to How to animate the bitmap of a layered child window.”
          https://msdn.microsoft.com/en-us/library/windows/desktop/hh437378(v=vs.85).aspx

          There it shows an example for the usage of DWMWA_CLOAK, explicitely showing the argument to be BOOL.

        2. anai says:

          Remember to decloak before setting DWMWA_ACTIVATE_WEAPON_SYSTEM but note you will be visible.

          LLAP

  3. Gee Law says:

    Dirty secret 1: I was reading Desktop / Window Station documentation yesterday — I wonder if you could read my mind. Dirty secret 2: I always forget virtual desktops after fiddling with it for a while. Dirty secret 3: many Windows Store apps works badly with virtual desktops, with an exception of MS Edge.

    1. Microsoft Edge is not a Windows Store app.

      1. Gee Law says:

        Sorry to have forgotten that :-( Let’s try that again: with the exception of Calculator. (Personally I believe Edge manages its CoreWindows the same way other Windows Store apps do.)

  4. skSdnW says:

    Too bad flat UIs are all the rage now, otherwise you could have implemented the desktop switcher UI as a cube where each desktop is a side of the cube.

    I believe the SysInternals Desktops tool uses user32 desktop objects and this is of course not ideal because you need to run a instance of Explorer on each to get a taskbar/startmenu.

    1. That’s an example of a user interface that looks cool in demos but is unusable in practice. “To get from desktop 1 to desktop 2, I have to go right, and then rotate left 90 degrees. To get back to desktop 1, I have to go up, and then rotate left 90 degrees.” Why not just make users solve a Rubik’s Cube while they’re at it.

      1. skSdnW says:

        I don’t necessarily mean that you have to interact with a 3d-cube but it could be part of a switch animation where it zooms out slightly to where you see a cube in empty space, rotates it and then zooms in again. It is a bit of a gimmick that needs a setting to turn it off…or only show the animation the first 10 times.

        1. Mary B says:

          it’s a *lot* of a gimmick. save it for the screensaver! (but then, I have the same dirty little secret as Raymond)

        2. J Cobb says:

          Sounds a lot like what the MacOS desktop/user switcher was like… I think it just slides now.

        3. alegr1 says:

          Not more of a gimmick than Windows 7 Win+Tab

        4. smf says:

          zoom out and have all the desktops viewed using a fish eye lens (like https://www.youtube.com/watch?v=wzvS_beXtXk)

    2. florian says:

      The executable file of the SysInternals Desktops utility imports CreateDesktop, SwitchDesktop, and family.

      Real life never works like virtual desktops, for me: if I want to work on something new, or just have a cozy meal, I need to clear my table. But this is always a good feeling, finishing something, and giving room for new projects.

      That said, I don’t understand how people can keep everything around on multiple virtual desktops, and even sync their currently opened documents to the cloud. A “tabula rasa” is very liberating and inspiring, I believe!

      1. Voo says:

        If you have the option to be able to finish work one task at a time and have only relatively short-lived tasks that works great. For many people neither of those assumptions hold, at which point virtual desktops are a nice addition.

        That said I don’t use them much either, despite seeing the value.

    3. Lachlan Picking says:

      I remember Mark Russinovich talking about a case someone had sent him for Case of the Unexplained, where there was some malware on the machine that would prevent the user from opening Task Manager/Process Explorer/etc. but they were able to do so in a roundabout way using Desktops. I guess the malware wasn’t smart enough to reason about processes started from other desktop objects?

      1. ZLB says:

        Malware probably doing a FindWindow call to find if TaskManager is running. This won’t work across desktops.

    4. Nico says:

      Oh man, that takes me back…. I remember when Ubuntu was still brand new and Compiz Fusion was reaching stability and getting noticed. One of the big features was a cube with six virtual desktops: https://www.youtube.com/watch?v=E4Fbk52Mk1w

      Also, wow, it’s been 10 years since that video came out.

    5. Scott H. says:

      Several virtual desktop implementations offer this, including the old compiz for Linux and most of the current compositors. There are/were also things like CubeDesktop and DexCube for Windows. There was something I used to use back in the XP era that offered it, but I can’t remember the name now. Oddly, even though it was gimmicky, it helped me use it more effectively having the spatial awareness vs. just random desktops.

  5. Dave says:

    And I didn’t even know “Show on all virtual desktops” was an option. TIL

  6. torrinj says:

    Love virtual desktops. I got all excited in this post when I read that there is a “Show on all desktops” feature. Unfortunately, that’s in build 14316 and my organization likes to be way behind the curve with updates. Doh!

  7. pmbAustin says:

    I would use Virtual Desktops a lot more if I could 1) Name them, and 2) Persist them. And by “persist” them, I mean create 2 or 3 virtual desktops that are just ALWAYS THERE, even after reboot. I don’t mean preserve window layouts or apps on them or anything that complicated. And that the names would persist. It’d also be nice to have a jump-list on the taskview button so I can right-click to switch virtual desktops easily (and know which I’m switching to, because I can name them meaningfully).

    As implemented, they’re a sort of ‘nice to have’ feature that I keep forgetting about or don’t use as much as I should. I keep suggesting (via Feedback) these — what I hope are minor, in terms of effort — enhancements, but have never seen any feedback from anyone else that they agree with me. So perhaps I’m the only one.

    1. Wear says:

      Virtual Desktops are persisted in my experience. I have 4 virtual desktops open at work and have never had to re-open them. As for names I agree that would be nice but I’ve come to associate tasks with desktop numbers. Like email is Desktop 1, mobile development is Desktop 2, server development is Desktop 3 and Desktop 4 is for anything I don’t want on the other desktops.

      I also use Ctrl+Win+Left/right a lot and learned the ordering over time. If I’m looking at mobile code then I want to go right to look at server code.

      1. pmbAustin says:

        That reminds me of something else I wanted with the TaskView button on the task bar… that’s not really possible with the new Timeline button design. I wanted to see some dots under the icon… each dot indicating a virtual desktop, with the current one brighter than the others. So you could easily see at a glance “where you were” in a “spacial” relationship with other desktops (making even more sense with the left/right virtual desktop switching hot-keys).

        Anyway, when I first tested it out, I don’t recall the virtual desktops being persisted, so if they are, that’s great news and I need to try that again. I still think naming them, and a quick jump-list on the task view button to switch or add new would be awesome.

        1. awc says:

          don’t think they are persistant. pretty much every time i shutdown/boot up i have to sling task manager over to desktop 2 again.
          strange thing is, sometimes after using something like safe money of kaspersky, task manager gets bounced back to desktop 1 for some strange reason.

          mind you, i put task manager in desktop 2 to recover from things like screen going black (sort of tdr?) or alt-tabbing out of hung fullscreen program not sticking properly and can’t bring up task manager to kill it. apparently using task manager in a different desktop works quite well for that.

          if only i can have task manager always open in desktop 2 automatically.

    2. Jeremy says:

      I agree. I like a lot of the new stuff they’ve done with it like “Show on all Desktops” and the Timeline, but it would be nice to be able to rename them, and also reorder them.

  8. Azarien says:

    I really like virtual desktops, but they have a very serious annoyance: every now and then (like when opening a folder window) Windows decides it can reuse an existing window on a different desktop and switches to that. This is almost never what I wanted. I use virtual desktops to have separate workflows – switching back and forth between different projects.

    1. Each app decides whether they want to reuse a window or not. Some time ago, I showed how to update your app so it doesn’t reuse a window from the wrong virtual desktop.

      1. Azarien says:

        The main culprit is Windows Explorer. And I seriously wonder why it was done the way it is, the opposite of what I would expect.

      2. crossslide says:

        I really wish apps got (what I and I think most people think is) the correct behavior by default, of always opening a new window if none exists on the current desktop. Expecting every app developer to do extra work around every Windows shell feature to make it work the way it should isn’t realistic.

        1. But these apps were written before virtual desktops. How would they know which window is on the current virtual desktop if they have no concept of what a virtual desktop is?

          1. Erkin Alp Güney says:

            Easy: disallow any process to open windows on multiple virtual desktops.

  9. David says:

    Last time I looked, the thing that really killed the utility of virtual desktops on Windows was that you couldn’t change them on different monitors independently — swapping out my windows on all 3 monitors is almost never my desired behaviour. Is there a technical limitation that enforces “virtual desktops must span all monitors” — it seems that most other implementations don’t behave this way?

    1. pmbAustin says:

      You can pin apps to be on all desktops… I do that with my email app on my ’email monitor’, and my Slack/Skype apps on my ‘communications monitor’… which means only my ‘development monitor’ flips, really, as all the other apps stay in view.

  10. Neil says:

    If you have everything on one desktop, it’s not really a virtual desktop any more, is it?

  11. Lots of people mistake “virtual desktop” for “desktop virtualization”.

  12. JAS says:

    A window can “move” between window manager desktops within a process if it is persisted as thoroughly as a good mobile app, and if your UI framework isn’t doing stupid things like communicating between threads with FindWindowEx( ). That’s when it SHINES. Windows 10’s “virtual desktops” are hardly better than toggling WS_VISIBLE because windows bleed between them regularly. I remember early on I couldn’t even use IVirtualDesktopManager to return a window to the desktop I closed it from, and then to my shock I read this was discouraged.

    1. Win32 doesn’t have reliable window identity, so it’s not obvious when a newly-created window “is equivalent to” that window that got closed some time ago. And Win32 apps rarely persist their state the way mobile apps do. Virtual Desktops do they best they can with what they have to work with.

  13. Robert Butler says:

    Actually, it makes quite a bit more sense when you look at it from a semantic perspective- people are used to Windows desktops and how security works on them; so when you attach a modifier to a name people associate with security, wouldn’t it make sense for people to be a little confused about there not being any security features associated with them?

    Calling the feature by a name (e.g. “Workspace”) solves two and a half problems- 1.) It eliminates software engineering jargon, which makes people happy; most normal people don’t necessarily care what the term “virtual” means. 2.) it clearly separates the new feature from an already-established security thing (desktops), 2.5) Nobody needs to remember that when used in conjunction with a modifier, it means a different thing entirely.

    Most people’s eyes glaze over when you start throwing around tech terms like “virtual”, because as far as they’re concerned, it’s pretty ambiguous from the usage of the term within a given product name or feature description.

Comments are closed.

Skip to main content