BrandonXLF (talk | contribs) No edit summary |
m Duplicate word reworded |
Winlogon checks whether automatic logon is enabled; if it is, Winlogon logs into the specified account automatically.<ref>{{Cite web |last=Deland-Han |title=Configure Windows to automate logon - Windows Server |url=https://learn.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon |access-date=2023-05-13 |website=learn.microsoft.com |language=en-us}}</ref> If automatic logon is not enabled, Winlogon starts the process that allows the user to log on. Before Windows Vista this was done by GINA,<ref name=":4">{{Cite book |last=Russinovich |first=Mark E. |title=Microsoft Windows Internals |last2=Solomon |first2=David |publisher=[[Microsoft Press]] |year=2005 |isbn=978-0735619173 |edition=4th |location=Redmond, Washington |pages=81 |language=en}}</ref> but starting with Vista this is done by LogonUI. If configured, both of these programs display a prompt for the user to enter the Secure Attention Sequence (SAS) ([[Control-Alt-Delete]]). They then display the login dialog, which prompts the user to enter their credentials. Once the user submits these credentials, they are passed to LSASS and any additional network credential providers. This allows multiple network providers to authenticate the user at once during normal logon.<ref name=":3">{{cite book |last1=Ionescu |first1=Alex |title=Windows internals, Part 1 |last2=Russinovich |first2=Mark |last3=Solomon |first3=David A. |publisher=Microsoft Press |year=2012 |isbn=978-0735648739 |edition=6th |location=Redmond, Wash. |pages=77}}</ref><ref name=":4" />
LSASS first tries to use cached data in the LSA database, the SECURITY hive of the registry. If there is none, LSASS determines which account protocol is to be used by using the security packages listed in the key <code>HKLM\SYSTEM\CurrentControlSet\Control\Lsa</code>. There are two standard packages, <code>msv1_0.dll</code>, which implements the [[NT LAN Manager]] protocols, and <code>Kerberos.dll</code>, which provides remote login by using [[Active Directory]]. <code>msv1_0.dll</code> is used in stand-alone systems and domain-member systems for backward compatibility. If the user is trying to log into the local host, then <code>msv1_0.dll</code> uses the [[Security Account Manager]] database located at <code>HKLM\SAM</code>. If the user is trying to log into another host, then the NetLogon [[Windows service|service]] is used to carry the data with the following sequence:<syntaxhighlight lang="text">msv1_0.dll <-> netlogon <-> remote netlogon <-> remote msv1_0.dll <-> remote SAM</syntaxhighlight>After the user is authenticated, LSASS enforces the local security policy (checking user permissions, creating audit trails, doling out security tokens, etc.) and passes control back to Winlogon. Winlogon creates and opens an interactive window station, <code>WinSta0</code>,<ref>{{cite web |title=Window Stations |url=http://msdn.microsoft.com/en-us/library/windows/desktop/ms687096%28v=vs.85%29.aspx |access-date=19 April 2014 |work=MSDN |publisher=Microsoft Corporation}}</ref> and creates three desktops, <code>Winlogon</code>, <code>Default</code> and <code>ScreenSaver</code>. Winlogon switches from the Winlogon desktop
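
The package lookup under <code>HKLM\SYSTEM\CurrentControlSet\Control\Lsa</code> described above can be checked from saved <code>reg query</code> output. The following is an added example, not part of the article or of any Microsoft tooling. It assumes the package lists are the <code>Authentication Packages</code> and <code>Security Packages</code> values, that the baseline is only the two standard packages named above, and the sample output is constructed.

```python
import ntpath

# Assumed baseline: only the two standard packages the article names.
BASELINE = {"msv1_0", "kerberos"}
AUDITED_VALUES = ("Authentication Packages", "Security Packages")

# Constructed sample of `reg query` output for the Lsa key (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Authentication Packages    REG_MULTI_SZ    msv1_0
    Security Packages    REG_MULTI_SZ    kerberos\0msv1_0\0C:\Temp\example_pkg.dll
    LimitBlankPasswordUse    REG_DWORD    0x1
"""

def parse_multi_sz(text):
    """Return {value name: [strings]} for REG_MULTI_SZ lines of `reg query` output."""
    values = {}
    for line in text.splitlines():
        # reg.exe separates name, type and data with four spaces.
        parts = [p.strip() for p in line.split("    ") if p.strip()]
        if len(parts) >= 2 and parts[1] == "REG_MULTI_SZ":
            data = parts[2] if len(parts) > 2 else ""
            # Strings of a multi-string value are printed joined by a literal \0.
            values[parts[0]] = [s for s in data.split("\\0") if s.strip('"')]
    return values

def normalise(package):
    """Reduce 'C:\\dir\\Foo.DLL' or 'Foo.dll' to 'foo' for comparison."""
    name = ntpath.basename(package.strip('"')).lower()
    return name[:-4] if name.endswith(".dll") else name

def audit(text, baseline=BASELINE):
    """Return (value name, package, reason) findings in the order encountered."""
    findings = []
    values = parse_multi_sz(text)
    for value_name in AUDITED_VALUES:
        if value_name not in values:
            findings.append((value_name, "", "value missing from export"))
            continue
        for package in values[value_name]:
            if normalise(package) not in baseline:
                findings.append((value_name, package, "not in baseline"))
            elif ntpath.dirname(package):
                findings.append((value_name, package, "loaded from explicit path"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```
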
== Shell ==