Content deleted Content added
BrandonXLF (talk | contribs) Rewrote session manager and authentication sections to include wininit |
BrandonXLF (talk | contribs) Added images |
||
Line 21:
=== Operating system selection ===
[[File:Windows_Boot_Manager_with_Windows_7,Vista_and_XP.png|thumb
The boot loader, once executed, searches for Windows operating systems. Windows Boot Manager does so by reading [[Boot Configuration Data]] (BCD), a complex firmware-independent database for boot-time configuration data. Its predecessor, <code>NTLDR</code>, does so by reading the simpler <code>[[boot.ini]]</code>. If the boot.ini file is missing, the boot loader will attempt to locate information from the standard installation directory. For Windows NT and 2000 machines, it will attempt to boot from <code>C:\WINNT</code>. For machines running Windows XP, 2003, and later, it will boot from <code>C:\WINDOWS</code>.
Line 34:
=== Loading the Windows NT kernel ===
The operating system starts when certain basic drivers flagged as "Boot" are loaded into memory. The appropriate file system driver for the partition type (NTFS, FAT, or FAT32) which the Windows installation resides in is amongst them. At this point in the boot process, the boot loader clears the screen and displays a textual progress bar (which is often not seen due to the initialization speed); Windows 2000 also displays the text "Starting Windows..." underneath.
[[File:Windows_Advanced_Options_menu.png
If the user presses F8 during this phase, the [[#Advanced options|advanced options menu]] is displayed, containing various special boot modes including [[Safe mode]], with the Last Known Good Configuration, with debugging enabled, and (in the case of Server editions) [[Directory Services Restore Mode]]. Starting with Windows Vista, this menu was changed significantly. Once a boot mode has been selected (or if F8 was never pressed) booting continues.
Line 85:
The manager is also responsible for doing any operations that are requested to be done at the start of a session. Commands listed in <code>HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute</code>, such as <code>autochk</code> and <code>convert</code>, are executed. These commands are run before services are loaded by later steps of the booting process.<ref name="Troubleshooting" /> Any rename operations queued at <code>HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations</code>. This is used to allow previously in-use files (e.g. drivers) to be replaced as part of a reboot.<ref name=":0">{{cite book |last1=Ionescu |first1=Alex |title=Windows internals, Part 2 |last2=Russinovich |first2=Mark |last3=Solomon |first3=David A. |publisher=Microsoft |year=2012 |isbn=978-0735665873 |edition=6th |___location=Redmond, Wash. |pages=522–527}}</ref>
[[File:Autochk Windows 10.png|thumb|<code>autochk</code> running on [[Windows 10]].]]
<code>autochk</code> mounts all drives and checks them one at a time to see whether or not they were cleanly unmounted. If autochk determines one or more volumes are dirty, it will automatically run chkdsk and provides the user with a short window to abort the repair process by pressing a key within 10 seconds (introduced in Windows NT 4.0 Service Pack 4; earlier versions would not allow the user to abort chkdsk). Since Windows 2000, XP and 2003 show no text screen at that point (unlike NT 3.1 to 4.0, which displayed a blue text screen), the user will see a different background picture holding a mini-text-screen in the center of the screen and show the progress of chkdsk there.<ref>{{Cite web |title=Resource Kit |url=http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prkd_tro_mdca.asp |url-status=dead |archive-url=https://web.archive.org/web/20070311183615/http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prkd_tro_mdca.asp |archive-date=March 11, 2007 |publisher=Microsoft Corporation}}</ref>
Line 95:
{{details|Winlogon}}
The authentication process is implemented by Winlogon. This program is responsible for responding to the [[Secure attention key|secure attention sequence]] (SAS), loading the user profile on logon, and optionally locking the computer when a [[screensaver]] is running.
[[File:Windows_11_pre-login.png|thumb|[[Windows 11]] lock screen, requiring user to press [[Control-Alt-Delete]].]]
Winlogon checks if automatic logon is enabled, Winlogon logs into the specified account automatically.<ref>{{Cite web |last=Deland-Han |title=Configure Windows to automate logon - Windows Server |url=https://learn.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon |access-date=2023-05-13 |website=learn.microsoft.com |language=en-us}}</ref> If there is not automatic logon enabled, Winlogon starts the process to allow the user to logon. Before Windows Vista this was done by GINA,<ref name=":4">{{Cite book |last=Russinvoich |first=Mark E. |title=Microsoft Windows Internals |last2=Solomon |first2=David |publisher=[[Microsoft Press]] |year=2005 |isbn=978-0735619173 |edition=4th |___location=Redmond, Washington |pages=81 |language=en}}</ref> but starting with Vista this is done by LogonUI. If configured, both of these programs display a prompt for the user to enter the Secure Attention Sequence (SAS) ([[Control-Alt-Delete]]). They then display the login dialog which prompts the user to enter their credentials. Once the user submits these credentials, they are passed to LSASS and any other additional network credential providers. This allows multiple network providers to authenticate the user at once during normal logon.<ref name=":3">{{cite book |last1=Ionescu |first1=Alex |title=Windows internals, Part 1 |last2=Russinovich |first2=Mark |last3=Solomon |first3=David A. |publisher=Microsoft Press |year=2012 |isbn=978-0735648739 |edition=6th |___location=Redmond, Wash. |pages=77}}</ref><ref name=":4" />
| |||