Even if no user has logged in at the console since the machine rebooted, Remote Desktop creates a pseudo-session that belongs to nobody. (It does have a few of the critical processes, like winlogon, running in it.) This wouldn't be much of a problem, except that it is the ID of that session that is returned by the function in question. So, if you create a process on the session returned by this function, you'll create a window that nobody can ever see if the user is logged on with Remote Desktop.
This makes sense, considering that the function's name includes console, but I really wish it would return the "no user logged on" value of -1 rather than the ID of a useless session.