Booting process of Windows NT: Difference between revisions

Undid revision 1159420598 by Susanjenie (talk) - rv linkspam
m fix grammar for auto logon section
Line 96:
The authentication process is implemented by Winlogon. This program is responsible for responding to the [[Secure attention key|secure attention sequence]] (SAS), loading the user profile on logon, and optionally locking the computer when a [[screensaver]] is running.
[[File:Windows_11_pre-login.png|thumb|[[Windows 11]] lock screen, requiring user to press [[Control-Alt-Delete]].]]
Winlogon checks if automatic logon is enabled, and if so, logs in to the specified account automatically.<ref>{{Cite web |last=Deland-Han |title=Configure Windows to automate logon - Windows Server |url=https://learn.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon |access-date=2023-05-13 |website=learn.microsoft.com |language=en-us}}</ref> If automatic logon is not enabled, Winlogon starts the process that allows the user to log on. Before Windows Vista this was done by [[Graphical identification and authentication|GINA]],<ref name=":4">{{Cite book |last=Russinovich |first=Mark E. |title=Microsoft Windows Internals |last2=Solomon |first2=David |publisher=[[Microsoft Press]] |year=2005 |isbn=978-0735619173 |edition=4th |location=Redmond, Washington |pages=81 |language=en}}</ref> but starting with Vista this is done by LogonUI. If configured, both of these programs display a prompt for the user to enter the Secure Attention Sequence (SAS) ([[Control-Alt-Delete]]). They then display the login dialog, which prompts the user to enter their credentials. Once the user submits these credentials, they are passed to LSASS and any additional network credential providers. This allows multiple network providers to authenticate the user at once during normal logon.<ref name=":3">{{cite book |last1=Ionescu |first1=Alex |title=Windows internals, Part 1 |last2=Russinovich |first2=Mark |last3=Solomon |first3=David A. |publisher=Microsoft Press |year=2012 |isbn=978-0735648739 |edition=6th |location=Redmond, Wash. |pages=77}}</ref><ref name=":4" />
 
LSASS first tries to use cached data in the LSA database, the SECURITY hive of the registry. If there is none, LSASS determines which account protocol is to be used by using the security packages listed in the key <code>HKLM\SYSTEM\CurrentControlSet\Control\Lsa</code>. There are two standard packages, <code>msv1_0.dll</code>, which implements the [[NTLM]] protocols, and <code>Kerberos.dll</code>, which provides remote login by using [[Active Directory]]. <code>msv1_0.dll</code> is used in stand-alone systems and domain-member systems for backward compatibility. If the user is trying to log in to the local host, then <code>msv1_0.dll</code> uses the [[Security Account Manager]] database located at <code>HKLM\SAM</code>. If the user is trying to log in to another host, then the NetLogon [[Windows service|service]] is used to carry the data with the following sequence:
<syntaxhighlight lang="text">msv1_0.dll <-> netlogon <-> remote netlogon <-> remote msv1_0.dll <-> remote SAM</syntaxhighlight>
After the user is authenticated, LSASS enforces the local security policy (checking user permissions, creating audit trails, doling out security tokens, etc.) and passes control back to Winlogon. Winlogon creates and opens an interactive window station, <code>WinSta0</code>,<ref>{{cite web |title=Window Stations |url=http://msdn.microsoft.com/en-us/library/windows/desktop/ms687096%28v=vs.85%29.aspx |access-date=19 April 2014 |work=MSDN |publisher=Microsoft Corporation}}</ref> and creates three desktops, <code>Winlogon</code>, <code>Default</code> and <code>ScreenSaver</code>. Winlogon switches from the <code>Winlogon</code> desktop to the <code>Default</code> desktop when the shell indicates that it is ready to display something for the user, or after thirty seconds, whichever comes first.
The system switches back to the <code>Winlogon</code> desktop if the user presses [[Control-Alt-Delete]] or when a [[User Account Control]] prompt is shown.<ref>{{cite web |title=Desktops |url=http://msdn.microsoft.com/en-us/library/windows/desktop/ms682573%28v=vs.85%29.aspx |access-date=19 April 2014 |work=MSDN |publisher=Microsoft Corporation}}</ref> Winlogon now starts the program specified in the Userinit value, which defaults to <code>userinit.exe</code>. This value supports multiple executables.<ref name=":3" />
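
The following is an added example, not part of the article or of any Microsoft code: a small audit of the two Winlogon settings described above, the automatic-logon configuration and the multi-entry Userinit value. The registry key path, the value names <code>AutoAdminLogon</code>, <code>DefaultUserName</code> and <code>DefaultPassword</code>, and the default Userinit path are assumptions drawn from Microsoft's automatic-logon documentation rather than from the article text; the sample dictionaries are constructed.

```python
# Added example: audit the Winlogon values that shape the logon path.
# Value names other than Userinit are assumptions taken from Microsoft's
# automatic-logon documentation, not from the article text.
import ntpath
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
VALUE_NAMES = ("Userinit", "AutoAdminLogon", "DefaultUserName", "DefaultPassword")

def split_userinit(value):
    """Userinit is a comma-separated list; a trailing comma is normal."""
    return [p.strip().strip('"') for p in value.split(",") if p.strip()]

def audit_winlogon(values, system_root=r"C:\Windows"):
    """Return (finding, detail) tuples for a dict of Winlogon registry values."""
    findings = []
    expected = ntpath.normcase(ntpath.join(system_root, "system32", "userinit.exe"))
    for entry in split_userinit(values.get("Userinit", "")):
        # Every listed program runs at logon, so review anything non-default.
        if ntpath.normcase(ntpath.normpath(entry)) != expected:
            findings.append(("userinit-extra", entry))
    if str(values.get("AutoAdminLogon", "0")) == "1":
        findings.append(("autologon-enabled", values.get("DefaultUserName", "")))
        if values.get("DefaultPassword"):
            # Never echo the password itself into audit output.
            findings.append(("autologon-password-in-registry", "DefaultPassword"))
    return findings

def read_winlogon_values():
    """Read the live values from HKLM (Windows only)."""
    import winreg
    found = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        for name in VALUE_NAMES:
            try:
                found[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value not set
    return found

# Constructed sample data, not taken from a real host.
SAMPLE_CLEAN = {"Userinit": r"C:\Windows\system32\userinit.exe,", "AutoAdminLogon": "0"}
SAMPLE_REVIEW = {
    "Userinit": r"C:\Windows\system32\userinit.exe, C:\Tools\helper.exe",
    "AutoAdminLogon": "1", "DefaultUserName": "kiosk", "DefaultPassword": "example",
}

if __name__ == "__main__":
    values = read_winlogon_values() if sys.platform == "win32" else SAMPLE_REVIEW
    for finding, detail in audit_winlogon(values):
        print(f"{finding}: {detail}")
```

On a non-Windows machine the script falls back to the constructed sample, so the parsing and comparison logic can be exercised without registry access.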