The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,977 other subscribers

Windows Users like “Window Manager\DWM-3” are virtual users

Posted by jpluimers on 2021/03/15

Having seen logon failures from user Window Manager\DWM-3 while on a public WiFi network, I did a quick search on [WayBack] “Window Manager\DWM-3” – Google Search.

It appeared somebody trying a dictionary attack on the RDP port of my Windows VM which was on the host Bridged Network (see [] Help – VMware Fusion 6 Documentation Center).

This is a virtual user that is part of a series of users that the Desktop Window Manager started using from Windows 8 and up.

The first user always exist, DWM-2 and up are created for new dwm.exe processes (by winlogon.exe) when users start logging on through RDP connections to a Windows machine:

  1. Window Manager\DWM-1
  2. Window Manager\DWM-2
  3. Window Manager\DWM-3
  4. Window Manager\DWM-4

In addition to logging on as a new user, as of Windows 8, these also are created when shutting down and starting up (which Windows fools you by actually doing a kind of hibernate): [Wayback] windows 8 – What is winlogon.exe -SpecialSession? – Super User



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: