How does Windows choose the Session ID?

Question

Recently I had to learn what the session ID was in Windows in order to get PSExec to run a powershell script. Most of the time I noticed that the session ID on each machine is 1, but one one of my machines I noticed it is 2.

They key difference is that on the machines where it is 1, I logged into Windows directly by being physically in front of the computer, but the machine where it is 2 I had restarted it from within a remote desktop connection, and then logged in for the first time again from within a remote desktop session (so, since I had restarted, I had never signed in directly by being physically in front of the computer).

Here's what the list of active sessions look like on both a machine with a session ID of 1 (top) and 2 (bottom):

Is there documentation on how this number is set? It's a little inconvenient that it isn't always 1. I wouldn't have expected 2 to be chosen in the above observation, for example.

Answer 1

Windows uses sessions as a method for isolating software.

As your images show, session 0 is used for the Windows system services and is created during the boot. This session holds and isolates the system services from the interactive users.

The next session 1 is reserved for the interactive console user, even if there is none yet. It will be created when the user logs in from the console of the computer.

Each time a user logs on, his logon session is assigned the next available session ID. This also goes for a user logging on from a remote desktop, so the assigned session IDs begin with session 2.

If on Windows Server several users logon remotely, their sessions numbers will be 2, 3 and so on, intermixed with session ids allocated for remote RDP logins.

The session mechanism totally isolates software running in one session from the other, such that it cannot contact or influence in any way software running in other sessions.

For more information, see the Microsoft article Remote Desktop Sessions.