Disabling or detecting the use of Desktop Duplication API
We provide software that locks down devices in order to ensure the user remains within our application, and that they don't have access to any outside resources. One class of software that we block is remote desktop clients. We block this through several means, including blocking specific remote desktop applications, as well as using CreateDesktopW to create a private desktop for our application to operate within.
However, remote desktop applications that use the Desktop Duplication API (https://learn.microsoft.com/en-us/windows/win32/direct3ddxgi/desktop-dup-api) in order to access the screen seem to still be able to operate. Is there any way to disable this API, or to detect when it is being used?
We have already considered the following, but not found a viable path yet:
- Group Policy Settings: There are Group Policy settings relevant to remote access, but nothing specific to the Desktop Duplication API. Even after updating the Group Policy settings, we are still able to remotely access the device through e.g. Sunshine remote desktop.
- Windows Security Auditing: Windows Security Auditing doesn’t provide a way to list processes attempting to use the Desktop Duplication API. While processes attempting to access dxgi.dll can be detected, there are many legitimate uses of this DLL, which would lead to false positives.
- Kernel-Level Hooks (Advanced and Risky): We consider this a last resort.
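Added example (not part of the question above, and not the asker's or Sunshine's code): one user-mode way to narrow the "dxgi.dll is loaded" signal mentioned in the Security Auditing bullet so it produces fewer false positives. It enumerates processes that currently have dxgi.dll mapped, drops an allowlist of well-known DXGI users, and then raises the score of any remaining process that also owns a non-loopback established TCP connection or a bound UDP endpoint, on the assumption that a remote desktop client has to stream the captured frames somewhere. The allowlist contents, the network-correlation rule, and the function names are assumptions for illustration, not facts from the question.

```powershell
# Added example: heuristic triage of processes that might be using the
# Desktop Duplication API. Run from an elevated 64-bit PowerShell so that
# module lists of other users' processes can be read.

# ASSUMPTION: processes that routinely load dxgi.dll for legitimate reasons.
# Extend this for your own environment (browsers, the locked-down app itself).
$Allowlist = @('dwm', 'explorer', 'SearchHost', 'StartMenuExperienceHost', 'ShellExperienceHost')

function Get-DxgiProcesses {
    # Returns the Process objects that currently have dxgi.dll mapped.
    # Loading dxgi.dll does not prove DuplicateOutput was called; it only
    # says the process can reach the API, which is why the list is filtered.
    Get-Process | ForEach-Object {
        $p = $_
        try {
            $mods = $p.Modules   # throws for protected or inaccessible processes
        } catch {
            return               # skip this process, keep iterating
        }
        if ($mods | Where-Object { $_.ModuleName -ieq 'dxgi.dll' }) { $p }
    }
}

function Get-NetworkOwnerPids {
    # Hashtable of PIDs that own a non-loopback established TCP connection
    # or a bound UDP endpoint (both are what a streaming client would need).
    $pids = @{}
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
        ForEach-Object { $pids[[int]$_.OwningProcess] = $true }
    Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        ForEach-Object { $pids[[int]$_.OwningProcess] = $true }
    return $pids
}

function Find-SuspectScreenCapture {
    # Emits one record per non-allowlisted process that has dxgi.dll loaded.
    # Score is 'high' when the same PID also has network activity (assumption:
    # a remote desktop client captures AND streams from one process).
    $net = Get-NetworkOwnerPids
    foreach ($p in Get-DxgiProcesses) {
        if ($Allowlist -contains $p.ProcessName) { continue }
        $talks = $net.ContainsKey([int]$p.Id)
        [pscustomobject]@{
            PID     = $p.Id
            Name    = $p.ProcessName
            Path    = $p.Path
            Network = $talks
            Score   = if ($talks) { 'high' } else { 'low' }
        }
    }
}

# Usage: print the triage list, most suspicious first.
Find-SuspectScreenCapture | Sort-Object Score -Descending | Format-Table -AutoSize
```

This is a point-in-time snapshot, so it would be run on a schedule or at lock-down start rather than once. Two caveats a practitioner would want: the allowlist is matched on process name only, so a renamed binary passes it (match on signed path or file hash if that matters), and a capturer that hands frames to a separate networking process would land in the 'low' bucket, so the 'low' rows should be reviewed rather than discarded.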